Slide 1

Slide 1 text

Tackling OpenAPI Drift: Lessons from the ‘AcmeFS’ Experience
Ikenna Nwaiwu @ Ikenna Consulting
Apidays Paris 2024

Slide 2

Slide 2 text

Questions and feedback: Slido #2191713
API Drift Survey: Slido #3437921

About Me

Slide 3

Slide 3 text

Author & Independent Consultant

Slide 4

Slide 4 text

API Governance problems I help my clients solve:
• API sprawl
• API drift
• High API delivery lead time

Advisory to API providers and API tool vendors.

Slide 5

Slide 5 text

Agenda
• Is API Drift a Problem?
• The AcmeFS API Drift Problem
• Countermeasures considered
• AcmeFS’ implementation plan
• The Result
• Lessons learnt
• Summary

Slide 6

Slide 6 text

Is API Drift a problem?

Slide 7

Slide 7 text

Survey question: Our published API documentation matches our API behaviour
[Chart. Data labels, in the order extracted: 30%, 66%, 4%. Answer categories, in the order extracted: Strongly disagree / Disagree / Neither Agree nor disagree; Agree / Strongly Agree; Not applicable]
Results from Berlin API conferences in Belgium and Berlin.

Slide 8

Slide 8 text

75% Non-Conformant endpoints
Source: OpenAPI Specifications in the Real World, August 2024.
Credit: Ralfs Blumbergs

Slide 9

Slide 9 text

25% Absolutely no endpoints in the API conform to docs
Source: OpenAPI Specifications in the Real World, August 2024.
Credit: Borna Bevanda

Slide 10

Slide 10 text

[Chart: Selected API Endpoint Conformance Rate. APIs shown, in the order extracted: UK Legacy Banks, Stripe, GitHub, Twilio, Intercom, Zoom, Box, Pivotal Tracker. Data labels, in the order extracted: 100%, 100%, 89%, 86%, 67%, 20%, 0%, 0%]
Source: OpenAPI Specifications in the Real World, August 2024.

Slide 11

Slide 11 text

So, if many popular APIs suffer API drift, is it really an issue?

Slide 12

Slide 12 text

Story: The AcmeFS Drift Problem

Slide 13

Slide 13 text

BigBank1 is a strong prospect.
Proof of Concept (PoC) stage.

Slide 14

Slide 14 text

[Diagram labels: AcmeFS Platform; OpenAPI validation in BigBank1 API gateway; BigBank1 services; BigBank1]

Slide 15

Slide 15 text

API Drift Detected!
• Missing response schema fields and objects
• Incorrect HTTP response codes
• Incorrect data format in response schema
• Incorrect data format in request schema

Slide 16

Slide 16 text

No Deal

Slide 17

Slide 17 text

What should AcmeFS do?
Another prospect, BigBank2.
PoC in two weeks.
30% of endpoints in the customer workflow had API drift.

Slide 18

Slide 18 text

Countermeasures Considered

Slide 19

Slide 19 text

#1: Generate OpenAPI descriptions from code.
springdoc-openapi: https://springdoc.org/

Slide 20

Slide 20 text

#2: Generate Spring Boot code from OpenAPI?
OpenAPI Generator
Possible Long-Term Solution
Short-term solution?

Slide 21

Slide 21 text

#3: Generate OpenAPI descriptions and code from Language-oriented API dev tools?
TypeSpec

Slide 22

Slide 22 text

#4: Use consumer-driven contract (CDC) testing?
Spring Cloud Contract

Slide 23

Slide 23 text

#5: Use bi-directional contract (BDC) testing?
Pactflow

Slide 24

Slide 24 text

#6: Use provider-driven contract (PDC) testing with code-based schema tests?
Rest Assured
Atlassian swagger-request-validator: https://bitbucket.org/atlassian/swagger-request-validator
https://github.com/karatelabs/karate
Possible Long-Term Solution
Short-term solution?

Slide 25

Slide 25 text

#7: Use provider-driven contract (PDC) testing with generated schema tests?
Schemathesis
Possible Long-Term Solution
Short-term solution?

Slide 26

Slide 26 text

#8: OpenAPI validation in API Gateway + OpenAPI Validation Policy / Plugin

Slide 27

Slide 27 text

#9: Use provider-driven contract (PDC) testing with a validating proxy?
https://github.com/pb33f/wiretap
https://github.com/stoplightio/prism

Slide 28

Slide 28 text

Implementation Plan

Slide 29

Slide 29 text

[Diagram labels: AcmeFS Platform; Processed OpenAPI file; Existing User workflow Postman Collection]

Slide 30

Slide 30 text

• Join (combine) multiple OpenAPI files into one
• Inject additionalProperties=false
• Filter unused components
• Filter legacy endpoints

Slide 31

Slide 31 text

The Result

Slide 32

Slide 32 text

[Chart: API Conformance. Before API Drift Fix: 70%; After API Drift Fix: 100%]

Slide 33

Slide 33 text

BigBank2 PoC Successful. Deal signed.

Slide 34

Slide 34 text

Lessons Learnt

Slide 35

Slide 35 text

Lesson #1: Use the Product and Client Solution (Dev Roles) roles to write user journey collections, which can be used in automated contract tests!

Slide 36

Slide 36 text

github.com/usebruno/bruno

Slide 37

Slide 37 text

Lesson #2: When fixing API drift, consider starting from the most common user workflows

Slide 38

Slide 38 text

Lesson #3: Pipeline to transform OpenAPI was crucial.
• Join (combine) multiple OpenAPI files into one
• Filter unused components
• Filter legacy endpoints
• Inject additionalProperties=false
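
The four transformation steps listed on slides 30 and 38, sketched as an added example (not code from the talk or from AcmeFS). It assumes the OpenAPI files are already parsed into dicts, that "legacy" endpoints are the operations marked `deprecated: true`, and that only `components.schemas` is merged and pruned; `transform`, `seal` and the sample specs are hypothetical names.

```python
import copy

METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def walk(node):
    """Yield every dict nested anywhere inside node."""
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    for value in node if isinstance(node, list) else ():
        yield from walk(value)

def refs(node):
    """Component schema names referenced by $ref anywhere below node."""
    return {n["$ref"].rsplit("/", 1)[-1] for n in walk(node) if isinstance(n.get("$ref"), str)}

def seal(schema):
    """Inject additionalProperties: false where an object schema leaves it unset."""
    if isinstance(schema, dict) and "$ref" not in schema:
        if "properties" in schema:
            schema.setdefault("additionalProperties", False)
        for sub in [*schema.get("properties", {}).values(), schema.get("items")]:
            seal(sub)  # allOf/oneOf/anyOf members are left as written

def transform(specs):
    out, schemas = {"openapi": "3.0.3", "info": {"title": "joined", "version": "0"}, "paths": {}}, {}
    for spec in copy.deepcopy(specs):  # 1. join (a later file wins on a name clash)
        out["paths"].update(spec.get("paths", {}))
        schemas.update(spec.get("components", {}).get("schemas", {}))
    for path, item in list(out["paths"].items()):  # 2. drop legacy operations (assumed: deprecated)
        for method in [m for m in item if m in METHODS and item[m].get("deprecated")]:
            del item[method]
        if not METHODS & item.keys():
            del out["paths"][path]
    used, todo = set(), refs(out["paths"])  # 3. keep only schemas reachable from paths
    while todo:
        used.add(name := todo.pop())
        todo |= refs(schemas.get(name, {})) - used
    out["components"] = {"schemas": {n: schemas[n] for n in used if n in schemas}}
    for schema in [*out["components"]["schemas"].values(),  # 4. seal named and inline schemas
                   *(n.get("schema") for n in walk(out["paths"]))]:
        seal(schema)
    return out

# Constructed sample: two spec fragments, one deprecated operation, one unused schema.
SPECS = [{"paths": {"/accounts": {"get": {"responses": {"200": {"content": {"application/json": {
             "schema": {"$ref": "#/components/schemas/Account"}}}}}}}},
          "components": {"schemas": {"Account": {"type": "object", "properties": {"id": {"type": "string"}}}}}},
         {"paths": {"/v1/accounts": {"get": {"deprecated": True, "responses": {}}}},
          "components": {"schemas": {"Orphan": {"type": "object", "properties": {}}}}}]
```

With `additionalProperties: false` in place, a validator rejects response fields the description does not list, which is how undocumented fields surface as drift. Members of `allOf` are left unsealed because sealing them makes each member reject the others' properties.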

Slide 39

Slide 39 text

Summary

Slide 40

Slide 40 text

• Many APIs suffer API drift
• For some APIs, drift is a deal breaker
• Request Collections + PDC + Transformed OpenAPI

Slide 41

Slide 41 text

Q&A
Rate this talk, Slido: 2191713
The End