Mastering API Architecture: Design, Operate, and Evolve API-Based Systems PDF

290 Pages·2022·9.28 MB·English
Mastering API Architecture: Design, Operate, and Evolve API-Based Systems
James Gough, Daniel Bryant & Matthew Auburn
Foreword by Sarah Wells

Most organizations with a web presence build and operate APIs—the doorway for customers to begin their interaction with the company’s services. Designing, building, and managing these critical programs affects everyone in the organization, from engineers and product owners to C-suite executives. But the real challenge for developers and solution architects is creating an API platform from the ground up.

With this practical book, you’ll learn strategies for building and testing REST APIs that use API gateways to combine offerings at the microservice level. Authors James Gough, Daniel Bryant, and Matthew Auburn explain how simple additions to this infrastructure can help engineers and organizations migrate toward the cloud—and open the opportunity to connect internal services using technologies like a service mesh.

• Learn API fundamentals and architectural patterns for building an API platform
• Use practical examples to understand how to design, build, and test API-based systems
• Deploy, operate, and configure key components of an API platform
• Use API gateways and service meshes appropriately, based on case studies
• Understand core security and common vulnerabilities in API architecture
• Secure data and APIs using threat modeling and technologies like OAuth2 and TLS
• Learn how to evolve existing systems toward API- and cloud-based architectures

“With so much attention on containers and microservices, people often ignore the fundamentals around how their services communicate. This book sets this right, with an in-depth look at how to structure and evolve your APIs.”
—Sam Newman, author of Building Microservices

“Excellently written with lots of tips, examples, and practical advice.”
—Stefania Chaplin, GitLab & DevStefOps

James Gough is a Distinguished Engineer at Morgan Stanley, a Java Champion, and coauthor of Optimizing Java.

Daniel Bryant is head of developer relations at Ambassador Labs and a Java Champion. His expertise is in DevOps tooling, cloud/container platforms, and microservices.

Matthew Auburn is a VP at Morgan Stanley. He has worked on financial systems, on mobile and web applications, and in API security.

SOFTWARE ARCHITECTURE
US $59.99 CAN $74.99

Design, Operate, and Evolve Modern Apps by Mastering API Architecture
Learn how to build, manage, and secure APIs using best practices for modern architecture, then test your skills by following a hypothetical case study of an organization that replatforms a legacy app for the cloud.
• API Fundamentals
• Managing and Monitoring APIs
• Securing APIs
• Replatforming for the Cloud

Mastering API Architecture
by James Gough, Daniel Bryant, and Matthew Auburn

Copyright © 2023 James Gough Ltd, Big Picture Tech Ltd, and Matthew Auburn Ltd. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.
Acquisitions Editor: Melissa Duffield
Development Editor: Virginia Wilson
Production Editor: Clare Laylock
Copyeditor: Kim Cofer
Proofreader: Amnet Systems LLC
Indexer: nSight, Inc.
Interior Designer: David Futato
Cover Designer: Karen Montgomery
Illustrator: Kate Dullea

October 2022: First Edition

Revision History for the First Edition
2022-10-17: First Release

See http://oreilly.com/catalog/errata.csp?isbn=9781492090632 for release details.

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Mastering API Architecture, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc.

While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

This work is part of a collaboration between O’Reilly and F5. See our statement of editorial independence.

978-1-098-14568-2 [LSI]

This book is dedicated to Alex Blewitt, who unfortunately passed away before publication. We would like to thank Alex for his candid feedback, constant support, and warm friendship over the years.
—The Authors

Table of Contents

Foreword
Preface
Introduction

Part I. Designing, Building, and Testing APIs

1. Design, Build, and Specify APIs
   Case Study: Designing the Attendee API
   Introduction to REST
   Introduction to REST and HTTP by Example
   The Richardson Maturity Model
   Introduction to Remote Procedure Call (RPC) APIs
   A Brief Mention of GraphQL
   REST API Standards and Structure
   Collections and Pagination
   Filtering Collections
   Error Handling
   ADR Guideline: Choosing an API Standard
   Specifying REST APIs Using OpenAPI
   Practical Application of OpenAPI Specifications
   Code Generation
   OpenAPI Validation
   Examples and Mocking
   Detecting Changes
   API Versioning
   Semantic Versioning
   OpenAPI Specification and Versioning
   Implementing RPC with gRPC
   Modeling Exchanges and Choosing an API Format
   High-Traffic Services
   Large Exchange Payloads
   HTTP/2 Performance Benefits
   Vintage Formats
   Guideline: Modeling Exchanges
   Multiple Specifications
   Does the Golden Specification Exist?
   Challenges of Combined Specifications
   Summary

2. Testing APIs
   Conference System Scenario for This Chapter
   Testing Strategies
   Test Quadrant
   Test Pyramid
   ADR Guideline for Testing Strategies
   Contract Testing
   Why Contract Testing Is Often Preferable
   How a Contract Is Implemented
   ADR Guideline: Contract Testing
   API Component Testing
   Contract Testing Versus Component Testing
   Case Study: Component Test to Verify Behavior
   API Integration Testing
   Using Stub Servers: Why and How
   ADR Guideline: Integration Testing
   Containerizing Test Components: Testcontainers
   Case Study: Applying Testcontainers to Verify Integrations
   End-to-End Testing
   Automating End-to-End Validation
   Types of End-to-End Tests
   ADR Guideline: End-to-End Testing
   Summary

Part II. API Traffic Management

3. API Gateways: Ingress Traffic Management
   Is an API Gateway the Only Solution?
   Guideline: Proxy, Load Balancer, or API Gateway

