4. Apps Depend on API Backends
Your App
Direct
Indirect
Proxy
Your Backend
5. Creates Problems
Development
Time
Run Time
OAuth
Bad Docs
Weird HTTP
Errors
Rate Limit
Problems
High Latency
Version
Changes
APIs Can Waste Time
Old Versions
Random
Failures
Poor SDKs
Rate
Limit Failures
APIs Can Kill Your App
6. Development Time Tools
HTTP Problems
•
•
•
•
!
HTTP is Easy until it’s not (Caching,
Verbs, Headers, Hashes, Media
Types)
Use HTTP Sniffers (HTTPScoop,
Fiddler) + network sniffers (e.g.
Wireshark)
Check & use caching headers
CORS, Cross Site Problems
HTTPScoop
Auth Problems
oAuth Libraries & Documentation
• beware oAuth “variants”
• Try:
• oAuthbible.com
• oauth.io
• Other Authentication:
• Try to use provided SDKs
• Unit Test heavily for custom
integrations
•
http://www.slideshare.net/synedra/demystifying-restruby
7. Development Time Tools
Provider Problems
•
•
•
•
•
!
Bad Documentation: look for
interactive docs (swagger active
docs, iodocs, apiary)
Unspecified Rate Limits (when do
they kick in?)
Old Versions
Different Production and Test
Environments
Unit test mocks
Pro Tip
How to ask An API Provider a
!
question
!
!
“I was doing the following with
you API, I was expecting this
… to happen, to my dismay,
this other thing happened
instead …”(*)
(* - credit Kirsten Hunter)
9. Operations Time Tools
The Old
•
•
•
•
Pingdom et. al. Provide standard
HTTP alerts,
Webmetrics: step by step test
execution primarily for SOAP APIs
Nagios, Monit, Munin, SENSU etc. in
your own infrastructure
Splunk et. al. for log analysis.
!
The New
!
How to ask An API Provider a
!
question
!
•
•
•
Runscope
Smartbear
3scale APITools
!
•
!
New tools: proxy transform, step by
step unit testing, authentication
tests, API specific analytics
!
!
!
http://www.soapui.org/Dojo/overview.html
10. Where is the Fun & Profit?
API Testing is getting easier
APIs are more stable over time
Mocks & Proxies Help a Lot
Happy Users are More Fun
& Generate More Profit!