BUILDING YOUR
API UTILITY BELT
D. KEITH CASEY JR. @CASEYSOFTWARE
[email protected]
Slide 2
Slide 2 text
Who am I?
Slide 3
Slide 3 text
Who am I?
Slide 4
Slide 4 text
Who am I?
http://TheAPIDesignBook.com
Slide 5
Slide 5 text
AGENDA
ASSUMPTIONS
THE PROBLEMS
THE STATUS QUO
THE RIGHT TOOLS
Slide 6
Slide 6 text
Disclaimer
Some of the tools and services covered here are
open source, some are commercial products, and
some are a blend of both.
I have no vested interest in any of them though I
know people at all of the companies involved.
* Also, all pictures used without permission or attribution.
Slide 7
Slide 7 text
AGENDA
ASSUMPTIONS
THE PROBLEMS
THE STATUS QUO
THE RIGHT TOOLS
Slide 8
Slide 8 text
Assumptions
You have a technical background
APIs are an important part of your job
Use them on a regular basis
Potentially build them too
Sometimes public, sometimes private
Slide 9
Slide 9 text
Assumptions
Nothing is perfect
You make mistakes
Your providers make mistakes
That other team are knuckleheads
Slide 10
Slide 10 text
Assumptions
You acknowledge the real Batman
Ben Afleck
Christian Bale
George Clooney
Val Kilmer
Michael Keaton
Slide 11
Slide 11 text
Assumptions
You acknowledge the real Batman
Ben Afleck
Christian Bale
George Clooney
Val Kilmer
Michael Keaton
Slide 12
Slide 12 text
Assumptions
Slide 13
Slide 13 text
AGENDA
ASSUMPTIONS
THE PROBLEMS
THE STATUS QUO
THE RIGHT TOOLS
Slide 14
Slide 14 text
The Problems…
Slide 15
Slide 15 text
Only one problem:
Testing APIs sucks.
Slide 16
Slide 16 text
AGENDA
ASSUMPTIONS
THE PROBLEMS
THE STATUS QUO
THE RIGHT TOOLS
Slide 17
Slide 17 text
The Status Quo…
Slide 18
Slide 18 text
The Status Quo
No wait, that sucks too.
Slide 19
Slide 19 text
AGENDA
ASSUMPTIONS
THE PROBLEMS
THE STATUS QUO
THE RIGHT TOOLS
Slide 20
Slide 20 text
TOOL 1:
CURL & LIBCURL
Slide 21
Slide 21 text
Background
Completely open source with tons of integrations
Incredible power and flexibility
Incredible complexity
Slide 22
Slide 22 text
Common Commands
-X specify an HTTP verb
-d specify data fields, such as for a POST
-I return/display all the returned headers
-H specify extra/custom headers
Slide 23
Slide 23 text
Getting Started
curl https://api.github.com
curl -I https://api.github.com
curl https://api.github.com/user/repos
curl -u caseysoftware -X POST https://
api.github.com/user/repos -d ‘{“name”:”monkey”}’
Slide 24
Slide 24 text
http://curl.haxx.se/docs/manual.html
(35 pages, no kidding..)
Slide 25
Slide 25 text
TOOL 2:
POSTMAN
Slide 26
Slide 26 text
Background
Started in Sept 2013, raised $1MM May 2015
Over 3M users (as of June 2016)
Free but with some paid extensions
Slide 27
Slide 27 text
Common Commands
(there really aren’t any - point & click)
Slide 28
Slide 28 text
Getting Started
(psst.. open postman)
Slide 29
Slide 29 text
The Real Power
Slide 30
Slide 30 text
https://www.getpostman.com/docs
Slide 31
Slide 31 text
TOOL 3: BDD IRL
Slide 32
Slide 32 text
Background
Different from Unit Testing in that we step outside
the system and take the users’ point of view
Tools in just about every language:
Cucumber, Behave, Behat, etc
Uses the Gherkin syntax
Slide 33
Slide 33 text
Our Syntax
It’s English, but in the Gherkin syntax so this:
As a [role] I want [feature] so that [benefit]
becomes a feature structured as:
Given [condition] when I [action] then [result]
Slide 34
Slide 34 text
Getting Started
Slide 35
Slide 35 text
http://docs.behat.org/
Slide 36
Slide 36 text
TOOL 4: FIDDLER
Slide 37
Slide 37 text
Background
Created by Telerik, based on .NET (Mono)
Serves as a local proxy, not a tool for requests
Free to use; some paid, some free extensions
Geoedge - route traffic through 130 locations
Slide 38
Slide 38 text
Common Functionality
Active Man in the Middle (MITM)
Logging and Recording
Traffic & Payload Analysis
Manipulation/Modification
Your logs kept locally
Background
Powered by 3Scale (acquired by Redhat recently)
Serves as a proxy, not a tool for requests
Web-based, only good for public APIs
OSS - local via RPM (or Vagrant or Docker)
Slide 44
Slide 44 text
Common Functionality
Active Man in the Middle (MITM)
Logging and Recording
Traffic & Payload Analysis
Manipulation/Modification
Your logs kept locally (or in the cloud!)
Slide 45
Slide 45 text
TOOL 6: STOPLIGHT.IO
Slide 46
Slide 46 text
Background
Started Dec 2014, still Beta but interesting
Serves as: a proxy & documentation generator
Web-based, primarily for public APIs
Using ngrok, you can share localhost
Slide 47
Slide 47 text
Common Functionality
Active Man in the Middle (MITM)
Logging and Recording
Traffic & Payload Analysis
Generates Documentation
Heavy focus on collaboration & sharing
Slide 48
Slide 48 text
Getting Started
(psst.. open stoplight)
Slide 49
Slide 49 text
https://designer.stoplight.io/docs
Slide 50
Slide 50 text
TOOL 7:
RUNSCOPE
Slide 51
Slide 51 text
Background
Started in Dec 2012, funded by a16z and others
Serves as a proxy, performance monitoring, usage
tracking, unit testing, monitoring, etc
Web-based, primarily for public APIs
Using ngrok, you can share localhost
Slide 52
Slide 52 text
Common Functionality
Active Man in the Middle (MITM)
Logging and Recording
Traffic & Payload Analysis
Your logs are kept in the cloud
Incredibly easy to share requests & callbacks
Slide 53
Slide 53 text
Getting Started
https://runscope.com
Slide 54
Slide 54 text
https://runscope.com/docs
Slide 55
Slide 55 text
To compare…
Active MITM? Logs? Collaboration?
Docs
Generation?
Testing &
Validation?
Fiddler yes local no no no
API Tools yes internal share results no yes
Stoplight.io yes local for definitions yes no
Runscope yes cloud share results no yes
Slide 56
Slide 56 text
AGENDA
ASSUMPTIONS
THE PROBLEMS
THE STATUS QUO
THE RIGHT TOOLS
Slide 57
Slide 57 text
No content
Slide 58
Slide 58 text
No content
Slide 59
Slide 59 text
D. KEITH CASEY JR. @CASEYSOFTWARE
[email protected]
BUILDING YOUR
API UTILITY BELT