Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Become a Pro at API Management: A declarative a...

paraskakis
October 10, 2019
Programming
0
300

Become a Pro at API Management: A declarative approach

Presented at API World 2019 and API Specs Conference 2019.
OpenAPI has become the standard way to describe APIs and Services but when it comes to runtime configuration, it’s a Tower of Babel: each vendor takes a different approach, or worse, DevOps are forced back into a UI, with no good way to script and automate deployments. We’ll examine the current state of declaring configuration in API Definitions and examine proposals to improve infrastructure as code via OpenAPI.

paraskakis

October 10, 2019
Tweet

More Decks by paraskakis

See All by paraskakis
API Best Practices
paraskakis
0
180
Outside-in Development for APIs and Microservices
paraskakis
0
26
API Design Hands-On Lab
paraskakis
0
46
Bring Design Thinking to your API Lifecycle
paraskakis
0
120
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
820
APIDays_Design_API_Security.pdf
paraskakis
0
81
Have Your Layer Cake and Eat it Too
paraskakis
1
160
Keeping your APIs Honest - Gluecon 2017
paraskakis
0
110
Easy Data Modeling with MSON (Defrag 2016)
paraskakis
0
99

Other Decks in Programming

See All in Programming
WEBエンジニア向けAI活用入門
sutetotanuki
0
300
Identifying User Idenity
moro
6
7.9k
Kubernetes for Data Engineers: Building Scalable, Reliable Data Pipelines
sucitw
1
200
のびしろを広げる巻き込まれ力:偶然を活かすキャリアの作り方/oso2024
takahashiikki
1
410
CSC305 Lecture 13
javiergs
PRO
0
130
/←このスケジュール表に立ち向かう フロントエンド開発戦略 / A front-end development strategy to tackle a single-slash schedule.
nrslib
1
590
Streams APIとTCPフロー制御 / Web Streams API and TCP flow control
tasshi
1
300
Progressive Web Apps für Desktop und Mobile mit Angular (Hands-on)
christianliebel
PRO
0
110
Content Security Policy入門 セキュリティ設定と 違反レポートのはじめ方 / Introduction to Content Security Policy Getting Started with Security Configuration and Violation Reporting
uskey512
1
440
Tuning GraphQL on Rails
pyama86
2
1k
Webの技術スタックで マルチプラットフォームアプリ開発を可能にするElixirDesktopの紹介
thehaigo
2
930
Vaporモードを大規模サービスに最速導入して学びを共有する
kazukishimamoto
4
4.3k

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
3
370
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
37
1.8k
Designing for Performance
lara
604
68k
Agile that works and the tools we love
rasmusluckow
327
21k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
9
680
Done Done
chrislema
181
16k
Why You Should Never Use an ORM
jnunemaker
PRO
53
9k

Transcript

  1. Become a Pro at API Management: A declarative approach Emmanuel

    Paraskakis |@manp VP Product, SmartBear

  2. Proprietary & Confidential 2 Configuring API Management today – UI

    or CLI/API

  3. Proprietary & Confidential 3 UI - Great for getting started,

    but… • No repeatability – maybe dump/restore a config file? • Can’t easily see differences between configs • Not easy to version • Not easy to share/collaborate on • Start from scratch every time • No templating/reuse/examples • Configuration proliferation and drift

  4. Proprietary & Confidential 4 Better: Declarative Config • Like code…

    so you can diff it, check it in • Can view/share entire config in a doc but… | Usually proprietary format | duplication of API Description… | what if I already have an OpenAPI doc?

  5. Proprietary & Confidential 5 Best: Reuse API Description • Add

    “vendor extensions” to your OpenAPI doc (inline) • Reuse of paths, methods and other elements • Use a single document as Source of Truth • Minimize inconsistencies but… | Vendor extensions are not part of the standard | They are different for each vendor, not only in syntax, but in scope/purpose

  6. Proprietary & Confidential 6 Can we do better? • What

    if runtime configuration were part of OpenAPI? And vendor extensions were unified and part of the standard? What we have already: | Use “servers” for environment configuration | Use “security” “securitySchemes” for authN What we’re missing: | A “backends” object | Request and Response Policy spec | Analytics config/aggregation Servers Backends Security Request Policies Response Policies

  7. Proprietary & Confidential 7 Servers Servers Backends Security Request Policies

    Response Policies

  8. Proprietary & Confidential 8 Security Servers Backends Security Request Policies

    Response Policies

  9. Proprietary & Confidential 9 Request Policies Servers Backends Security Request

    Policies Response Policies

  10. Proprietary & Confidential 10 Backends Servers Backends Security Request Policies

    Response Policies

  11. Proprietary & Confidential 11 Response Policies Servers Backends Security Request

    Policies Response Policies

  12. Proprietary & Confidential 12 What’s next? • OpenAPI Proposal to

    support Runtime Configuration: • Request/Response Policies • Backends • Analytics Aggregation • OpenAPI Proposal for Overlays #1843 • OpenAPI Proposal to extend support for Substitution Variables Credits for Inspiration: Mark Foster Vincenzo Chianese