SlideShare una empresa de Scribd logo

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus de Diego, Adidas

apidays
apidays

1. The document discusses the need for an integration specification to manage APIs that use multiple protocols and styles at large companies. 2. An integration specification would provide a single source of truth for technical metadata about APIs, including how they are structured, the data they manage, and how they relate to each other and enterprise data. 3. This would enable automated API discovery, integration, and management processes by describing APIs and their access to data products at an enterprise level.

Tecnología
1 de 87
Descargar para leer sin conexión
Multi-Protocol APIs at Scale in Jesus de Diego adidas API Platform 2021 API
Bio Jesus de Diego Software Engineer Software Architect Worked with APIs for 15 years Right now working with the adidas API Platform
What is this about?
Agenda 1. API Landscape 2. Multi-Style APIs? 3. The Gateway to APIs 4. Issues 5. One specification to gather all APIs? 6. Putting all together 7. Take Aways
API Landscape
+400HTTP based APIs +300API Owners +153m requests a day +1000API Consumers
Full Picture
API Lifecycle
API Guidelines
Multi-Style APIs?
MSA Microservices-based applications overcome the biggest limitations of traditional, monolithic applications. A microservices-based application architecture (MSA) breaks a monolith into its component services and running each component as an autonomous application (microservice). Some basic rules have to be followed: Single responsibility, well defined autonomous functional area, non-shared data source, isolated data boundaries, and others. Each microservice exposes one or more APIs. MSAs have increased the need to count on having HTTP-based APIs as the primary (there are other options like Kafka) way of communication between microservices.
RPC (Remote Procedure Call) ● REST predecessor from 1970s ● Invoke a function on a remote server in a particular format and receive a response in the same format ● With an RPC API, the method is found in the URL. The arguments that invoke the methods are found in the query string. POST /deleteResource (with a query string that says { “id”: 3 } )
REST (Representational State Transfer) The key concepts are RESOURCE, STATE (resource representation) and DATA (media) FORMAT. According to Roy Fielding, an API qualifies as “RESTful” when it meets the following constraints: • Uniform interface • Client-server independence • Stateless • Cacheable • Layered The client does not build URLs (mimicking the web browser that just follows the URL to find a resource). API clients never have to understand the format of the URLs. These formats are not part of the API spec provide to the API consumers.
We can face certain problems in our REST APIs • Long Running Tasks • Blocked connections • No server notifications • No streaming • No broadcasting information (subscriptions) • Etc..
Websockets It’s a protocol (ws/wss) in the OSI model (7) compatible with HTTP Supported by most browsers Full Duplex communication Streams of messages on top of TCP Note: Supported by Kong API Gateway (ws/wss)
High Performance • Compact Binary Exchange Format • Make API Calls to the Server like they were Client local • Cross Language/Cross Platform • Auto-generate API definitions for idiomatic client and server –just implement the interfaces Uni/Bi-Directional Streaming • Pluggable support for streaming with HTTP/2 transport
gRPC Capabilities Request/Response service NotificationsService { rpc GetNotifications(Empty) returns () {} } Unidirectional stream service NotificationsService { rpc SubscribeNotifications(Empty) returns (stream Event) {} } Bidirectional stream service NotificationsService { rpc ExchangeNotifications(stream Event) returns (stream Event) {} }
gRPC Pros/ Cons Remarkable • Microservices, Web Apps, Mobile apps can produce and/or consume streams of data. • Regular Request/Response is faster and more efficient when handling heavy payloads. Ideal for IoT or low-bandwidth networks. PROs Good tooling. Multi language supported. Fast, efficient, two-ways streaming, etc. CONs Not so popular in the development community. API Contract is strictly service description. CONCLUSION Not needed if you handle low/medium payload size and you do not need streaming.
gRPC Fast Readings gRPC Official Site Protocol Buffers discussion group Defining the API Contract: protobuf/gRPC gRPC Kafka Streaming Demo
What’s this? • Based on a data graph (a hierarchy of types with fields). • The data graph is populated by other services. • The data graph can be queried by using a SDL (Schema Definition Language) which is defined by the API Producer. • The SDL defines a collection of types and the relationships between those types. • It supports mutations on the data (updates and inserts). • Focused on the needs of the client. API consumers get the data they need in the shape they want.
• Data Schema -> API Contract • Queries and Mutations • Arguments (scalars and objects) • Variables • Single endpoint • Introspection • Streaming is supported for subscriptions (long-lasting GraphQL read operations that can update their result whenever a particular server-side event occurs) . • Different implementations (server library and client) pos t What’s this?
Possible Architecture (REST Wrapper)
Possible Architecture (Data Aggregator)
• Avoid the REST waterfall • Get the right amount of data • Tolerate incremental changes in the data schema Promises
Pros Cons • Overfetching, underfetching? Avoid the REST waterfall • Limited amount of tooling for GraphQL. • Is the schema (the .graphqls file) the API Contract? • Better adaptation to changes in the API contract for API consumers. • Need to define the data schema, mutations and implement resolvers for mutations and queries. • Sources: REST APIs, Data sources. • Supported by many programming languages. • Possible added latency. Is cache broken? • Proxy caching and rate limiting on top of GraphQL is key.
GraphQL Fast Readings GraphQL Official Site GraphQL Specification GraphQL Contract Testing with Pact Getting started with GraphQL Java and Spring Boot GraphQL Subscriptions
What is this? • An API technical specification for Event-Driven Architectures (EDAs) • It is not specifically about Streaming (it also exists in gRPC and GraphQL) • It is based on OAS. So, we’ll find similarities.
OAS similarities adidas API Platform
Main Features • Supported protocols • AMQP, Websockets, KAFKA, MQTT, HTTP/x • Servers define the URL of the broker or server • Security • User/Password • Certificates • API Keys • OIDC • OAuth2
AsyncAPI Fast Readings Official web site Blog Twitter Podcasts
Take Aways
When is each API style good for? REST • It is still the default option for HTTP based APIs • Non-blocking REST APIs are a good solution to improve performance and consumption of resources gRPC • You need real-time-like flows • You handle really big payloads • You work with low bandwidth scenarios • You need streams GraphQL • You need subsets of data • You frequently change the sub-set of data you need • You need streams AsyncAPI • Related to Event Driven architectures • You need streams
API Styles • They are a part of the architectural layout, especially MSAs • Best adaptation to Business requirements (Functional and Non-Functional) • Availability of resources (memory, CPU, bandwidth) Tools • Adhere to a standard better than to a tool or toolset Protocols • HTTP is not 1.1 any longer • New HTTP versions (2, 3) are more capable and we have to take advantage of their features as they are stable Event Driven APIs • Preferably using AsyncAPI • Ideal for Event Streaming Engines: Kafka, Spark Streaming… Boundaries and Clear Principles
Boundaries and Clear Principles
1. Foundation for Data Product APIs 2. HTTP 2/3-based APIs provide streaming of data with balance in a resilient way 3. API Gateways work well with HTTP 2/3-based APIs 4. Streaming Engines (Kafka) offer production/ consumption of events in EDAs 5. HTTP 2/3-based APIs can extend the propagation of events as streams beyond Kafka boundaries 6. The solution is part of the architectural design, stakeholders, client apps and systems 7. It makes sense to think of this landscape as a unitary point of view: Data Product integration across different systems and boundaries Multi-Protocol Integration?
API Registry • A fundamental tool to register API descriptions for Multi-Protocol APIs. • The API Registry has to be compliant with tech API specs (OAS, protobuf, AsyncAPI). • It can include design capabilities and a lifecycle for versions. • It allows integrations (testing, source code, mocked server, etc). • API descriptions have to be available via API to be aggregated and handled.
API Registry The reality is, support to non-OAS APIs is still partial, non- intuitive, not supporting design functionalities. The target is to have an API Registry with all these features supporting first OAS and AsyncAPI, gRPC and GraphQL at a later stage.
The Gateway to APIs
Why to use an API Gateway?
API Gateway as an Architectural Pattern ● Isolates the consumer from the service ● Applies specific features to specific consumers ● Applies security restrictions before touching the services ● It is highly available and uses load balance strategy ● Reduces the number of requests/roundtrips ● Better adaptation of APIs to consumers ● It allows strategies like Blue/Green deployments or Canary releases
API TEAM / CREATING APIS @ADIDAS Big Picture 3-JUN-21 42 Git API Registry CI/CD API Gateway K8s Platform API Consumer API Description API Description Service Implementation Style Guide Dredd Plug-in Git integration adidas team APIs Documentation Mock Service Analytics Admin API GatewayToolbelt 2 3 4 5 6 7 1 1 Design 2 Develop 3 Deploy 4 Publish 5 Use 6 Analyze 7 Update Security Checks Runscope ELK SpectralPlug-in Spectral
API Authentication and Authorization ● API Key (Key Auth) ● OIDC (integration with Azure AD and others ID Providers)
API Security Criteria ● Check your API is not vulnerable ● Alignment with Load Balancer other services ● Use the OWASP Security Top 10 as the main reference ● Create specific tests to meet these rules
API Security Measures ● Authentication/Authorization checks (all possible ways) ● Never rely on client for anything important ● Define response schemas ● Set up a short life for your tokens! ● Limit the rate of requests ● Never return raw data directly from the database ● Sanitize all inputs, even from internal consumers ● Use CORS filtering ● Use always WAF & Bot detection
● --- ● apiVersion: configuration.konghq.com/v1 ● kind: KongPlugin ● plugin: rate-limiting ● metadata: ● name: xxx-rate-limiting ● annotations: ● kubernetes.io/ingress.class: adidas-kong ● config: ● second: 100 ● hour: 10000 ● policy: redis ● redis_host: ratelimit.kong.svc.cluster.stg API Rate Limiting Consumer Quota Burst Limit Resources Security
● --- ● apiVersion: configuration.konghq.com/v1 ● kind: KongPlugin ● plugin: proxy-cache ● metadata: ● name: pc-att-marking-code-api-cache ● annotations: ● kubernetes.io/ingress.class: adidas-kong ● config: ● cache_ttl: 120 ● strategy: memory API Performance + Cache
48 API Transformation
● --- ● apiVersion: configuration.konghq.com/v1 ● kind: KongPlugin ● plugin: request-transformer ● metadata: ● name: pc-att-markingapi-movementsapi-tagsapi-reqt ● annotations: ● kubernetes.io/ingress.class: adidas-kong ● config: ● replace: ● uri: /$(uri_captures[1])$(uri_captures[2])
API Schema Validation
API Request Size
Enterprise API features are implemented by the API Gateway
The Gateway to APIs
BASICS Tool: the API Gateway (Kong) Features: Non-Functional Requirements (from Business Analysis) Extra cost: Fixed cost and cost per incoming request
API Producer Team Team API Gateway Deployment Model adidas API Platform
https://tools.adidas-group.com/bitbucket/projects/API/repos/kong-managed/
Ingress ACL Plugin Key Auth (API Key) Plugin
OOOK…..
Issues
API Registry & API Description Management: ● APIs are managed as individual isolated items ● The defined data domain in each API is not correlated to the Data Catalog ● They do not describe how they can be consumed ● They do not include relationships to other APIs ● They do not involve Enterprise API features Issues
Issues API Gateway Operations: ● Description of APIs do not include Enterprise API features based on Non- Functional Requirements ● They do not include integration with other layers in the network (e.g. Load Balancers, WAF) ● API Consumers are managed manually ● There is not a unique source of truth agreed by all stakeholders which is the very base for automatic processes ● Enterprise API information is spread across multiples files as annotation values
Business ● Integration by API consumers (internal and external) is a slow process (KPI: Consumer Engagement Time) ● Rolling Out a new Enterprise API is slow (KPI: API Time To Market). ● Integration does not cover everything, just partial areas of the surface of a Data Domain (KPI: Operational Scope Coverage) ● API Consumer development cost increases (KPI: API Consumer Cost) Issues
In summary, a great number of APIs in a company is a success but it is dangerous. The number of API producers and consumers grows and it can not be handled easily The API Gateway provision is the right way but it requires a lot of information that API tech specs do not consider. Issues
One Specification to rule all APIs?
What is Metadata? Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. What is Technical Metadata? Technical metadata (also called structural metadata) describes how the data is arranged and displayed to users by describing the structure of the data objects—such as tables, columns, rows, indexes, and connections. Technical metadata tells data professionals how they will need to work with the data—for example, if they can work with it as is, or if they need to transform it for analysis or integration.
Integration Specification Based on API Technical Metadata API Technical Metadata describes what one or several APIs are structured, the data domain they manage and the connections to dictionaries, the ways of usage, connections to other APIs and how can they work together. Why? To allow integration, API discovery, quick engagement, uniform application of configuration to allow APIs to be released in an Enterprise API way.
Integration Specification Targets To have the unique source of truth for API Automation processes. To allow the description of access to Data Products
Integration Specification
Integration Specification
Integration Specification
Integration Specification
Integration Specification Technical Contract ● Non-Functional ● Accessibility ● Availability
Integration Specification Main Features Multiple Dimensions: Individual API, Group of APIs API Style Seamless: Composing groups of APIs of different styles Consistent: Data Domains are compliant with company dictionary (EDC) Non-Functional Behavior: Capacity, scalability, performance, rate limits, etc. Security: Authentication, Authorization, restrictions Consumer Oriented: Discovery, Engagement, Usage Semantics
Integration Specification Sample
Putting Everything Together
Integration Landscape
What about the Tooling?
The Integration Hub App ● Unique entry point for Data Product and API inter-actions. ● Connected to the Data Catalog, API Registry, ID Provider, LeanIX Inventory. ● It manages the changes in the Integration Specification files. ● These changes trigger the build pipeline to make the changes in the API Gateway configuration
The Integration Hub App
Use Case: New Consumer for 1 or multiple APIs
Use Case: New API
Use Case: Changing NFRs in an existing API
Take Aways
Take Aways ● Large companies using APIs are increasingly using multiple API styles and protocols as a better fit to meet business expectations and produce better APIs, more adapted to Business requirements, being more efficient in resource consumption. ● Using an API Registry and an API Gateway has to allow the usage of Multi-Protocol/Style APIs (e.g. gRPC endpoints, GraphQL cache) ● API Specifications (OAS, AsyncAPI, etc) are just technical references and they do not cover all the operational aspects in the API lifecycle. ● API Specifications handle APIs as isolated items, not covering integration and operations.
Take Aways ● We need the Integration Specification to fill all these gaps in APIs description. ● The Integration Specification is useless without the Integration Hub Application, including: ● Interpreter ● API Browser ● API Search ● Subsequent changes in manifest files ● CD Pipelines
Next Steps Our agenda with the Integration Specification: ● Establish the links between APIs using multiple protocols and styles to describe access to greater entities (Data Products). ● Link APIs with Enterprise Data Domains and Dictionaries (Data Catalog) to enable Data Product and API Search and Discovery. ● Apply Security constraints and Non-Functional Requirements and protection uniformly via API Gateway configuration. ● Make the Integration Hub Application and the whole Enterprise API Lifecycle ● In summary, the Integration Specification is going to be the base for automatic provision and management of Adidas APIs.
Thanks! jesusjavier.dediego@adidas.com Personal Blog Medium #adidoescode API

Recomendados

apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays
 
Api clarity webinar
Api clarity webinarApi clarity webinar
Api clarity webinar
LibbySchulze
 
Tools and techniques for APIs
Tools and techniques for APIsTools and techniques for APIs
Tools and techniques for APIs
Jason Harmon
 
Design and Evolution of APIs in Microservice Architecture
Design and Evolution of APIs in Microservice ArchitectureDesign and Evolution of APIs in Microservice Architecture
Design and Evolution of APIs in Microservice Architecture
Lohika_Odessa_TechTalks
 
Rest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookRest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbook
Katy Slemon
 
apidays LIVE Australia 2020 - Federating API Development at Australia’s large...
apidays LIVE Australia 2020 - Federating API Development at Australia’s large...apidays LIVE Australia 2020 - Federating API Development at Australia’s large...
apidays LIVE Australia 2020 - Federating API Development at Australia’s large...
apidays
 
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays
 
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays
 

Recomendados

apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays
 
Api clarity webinar
Api clarity webinarApi clarity webinar
Api clarity webinar
LibbySchulze
 
Tools and techniques for APIs
Tools and techniques for APIsTools and techniques for APIs
Tools and techniques for APIs
Jason Harmon
 
Design and Evolution of APIs in Microservice Architecture
Design and Evolution of APIs in Microservice ArchitectureDesign and Evolution of APIs in Microservice Architecture
Design and Evolution of APIs in Microservice Architecture
Lohika_Odessa_TechTalks
 
Rest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookRest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbook
Katy Slemon
 
apidays LIVE Australia 2020 - Federating API Development at Australia’s large...
apidays LIVE Australia 2020 - Federating API Development at Australia’s large...apidays LIVE Australia 2020 - Federating API Development at Australia’s large...
apidays LIVE Australia 2020 - Federating API Development at Australia’s large...
apidays
 
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays
 
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays
 
apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...
apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...
apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...
apidays
 
Build pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSLBuild pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSL
Anton Arhipov
 
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays
 
apidays LIVE Paris - The Business of APIs by Jed Ng
apidays LIVE Paris - The Business of APIs by Jed Ngapidays LIVE Paris - The Business of APIs by Jed Ng
apidays LIVE Paris - The Business of APIs by Jed Ng
apidays
 
Tools for designing and building great APIs
Tools for designing and building great APIsTools for designing and building great APIs
Tools for designing and building great APIs
Kong Inc.
 
apidays LIVE Jakarta - Better API DX with a CLI by Phil Nash, Twilio
apidays LIVE Jakarta - Better API DX with a CLI by Phil Nash, Twilioapidays LIVE Jakarta - Better API DX with a CLI by Phil Nash, Twilio
apidays LIVE Jakarta - Better API DX with a CLI by Phil Nash, Twilio
apidays
 
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays
 
Pure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrationsPure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrations
José Haro Peralta
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
LunchBadger
 
WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2 Product Release Webinar - WSO2 App Factory 2.1WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2
 
Essential Ingredients for a Successful API Program
Essential Ingredients for a Successful API ProgramEssential Ingredients for a Successful API Program
Essential Ingredients for a Successful API Program
Jason Harmon
 
apidays LIVE New York 2021 - Introduction to HATEOAS with Ketting by Evert Po...
apidays LIVE New York 2021 - Introduction to HATEOAS with Ketting by Evert Po...apidays LIVE New York 2021 - Introduction to HATEOAS with Ketting by Evert Po...
apidays LIVE New York 2021 - Introduction to HATEOAS with Ketting by Evert Po...
apidays
 
Open Event API
Open Event APIOpen Event API
Open Event API
Avi Aryan
 
REST vs. GraphQL: Critical Look
REST vs. GraphQL: Critical LookREST vs. GraphQL: Critical Look
REST vs. GraphQL: Critical Look
Nordic APIs
 
apidays LIVE Paris 2021 - Spatially enabling Web APIs through OGC Standards ...
apidays LIVE Paris 2021 - Spatially enabling Web APIs through OGC Standards ...apidays LIVE Paris 2021 - Spatially enabling Web APIs through OGC Standards ...
apidays LIVE Paris 2021 - Spatially enabling Web APIs through OGC Standards ...
apidays
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
Michael Kuehne-Schlinkert
 
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
WSO2
 
apidays LIVE Australia 2020 - Productising your Microservices as API Products...
apidays LIVE Australia 2020 - Productising your Microservices as API Products...apidays LIVE Australia 2020 - Productising your Microservices as API Products...
apidays LIVE Australia 2020 - Productising your Microservices as API Products...
apidays
 
APIDays - API Design Workshop
APIDays - API Design WorkshopAPIDays - API Design Workshop
APIDays - API Design Workshop
Restlet
 
Api design part 1
Api design part 1Api design part 1
Api design part 1
Ibrahim Elsawaf
 
API Gateway report
API Gateway reportAPI Gateway report
API Gateway report
Gleicon Moraes
 

Más contenido relacionado

La actualidad más candente

Pure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrationsPure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrations
José Haro Peralta
 
REST vs. GraphQL: Critical Look
REST vs. GraphQL: Critical LookREST vs. GraphQL: Critical Look
REST vs. GraphQL: Critical Look
Nordic APIs
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
Michael Kuehne-Schlinkert
 

La actualidad más candente (20)

apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...
apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...
apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...
 
Build pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSLBuild pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSL
 
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
 
apidays LIVE Paris - The Business of APIs by Jed Ng
apidays LIVE Paris - The Business of APIs by Jed Ngapidays LIVE Paris - The Business of APIs by Jed Ng
apidays LIVE Paris - The Business of APIs by Jed Ng
 
Tools for designing and building great APIs
Tools for designing and building great APIsTools for designing and building great APIs
Tools for designing and building great APIs
 
apidays LIVE Jakarta - Better API DX with a CLI by Phil Nash, Twilio
apidays LIVE Jakarta - Better API DX with a CLI by Phil Nash, Twilioapidays LIVE Jakarta - Better API DX with a CLI by Phil Nash, Twilio
apidays LIVE Jakarta - Better API DX with a CLI by Phil Nash, Twilio
 
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
 
Pure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrationsPure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrations
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
 
WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2 Product Release Webinar - WSO2 App Factory 2.1WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2 Product Release Webinar - WSO2 App Factory 2.1
 
Essential Ingredients for a Successful API Program
Essential Ingredients for a Successful API ProgramEssential Ingredients for a Successful API Program
Essential Ingredients for a Successful API Program
 
apidays LIVE New York 2021 - Introduction to HATEOAS with Ketting by Evert Po...
apidays LIVE New York 2021 - Introduction to HATEOAS with Ketting by Evert Po...apidays LIVE New York 2021 - Introduction to HATEOAS with Ketting by Evert Po...
apidays LIVE New York 2021 - Introduction to HATEOAS with Ketting by Evert Po...
 
Open Event API
Open Event APIOpen Event API
Open Event API
 
REST vs. GraphQL: Critical Look
REST vs. GraphQL: Critical LookREST vs. GraphQL: Critical Look
REST vs. GraphQL: Critical Look
 
apidays LIVE Paris 2021 - Spatially enabling Web APIs through OGC Standards ...
apidays LIVE Paris 2021 - Spatially enabling Web APIs through OGC Standards ...apidays LIVE Paris 2021 - Spatially enabling Web APIs through OGC Standards ...
apidays LIVE Paris 2021 - Spatially enabling Web APIs through OGC Standards ...
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
 
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
apidays LIVE Australia 2020 - Productising your Microservices as API Products...
apidays LIVE Australia 2020 - Productising your Microservices as API Products...apidays LIVE Australia 2020 - Productising your Microservices as API Products...
apidays LIVE Australia 2020 - Productising your Microservices as API Products...
 
APIDays - API Design Workshop
APIDays - API Design WorkshopAPIDays - API Design Workshop
APIDays - API Design Workshop
 

Similar a apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus de Diego, Adidas

API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
Christian Posta
 
Role of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EIRole of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EI
WSO2
 
Building high performance microservices in finance with Apache Thrift
Building high performance microservices in finance with Apache ThriftBuilding high performance microservices in finance with Apache Thrift
Building high performance microservices in finance with Apache Thrift
RX-M Enterprises LLC
 

Similar a apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus de Diego, Adidas (20)

Api design part 1
Api design part 1Api design part 1
Api design part 1
 
API Gateway report
API Gateway reportAPI Gateway report
API Gateway report
 
INTERFACE by apidays_What's your Type? Understanding API Types and Choosing t...
INTERFACE by apidays_What's your Type? Understanding API Types and Choosing t...INTERFACE by apidays_What's your Type? Understanding API Types and Choosing t...
INTERFACE by apidays_What's your Type? Understanding API Types and Choosing t...
 
Austin API Summit 2018: Are REST APIs Still Relevant Today?
Austin API Summit 2018: Are REST APIs Still Relevant Today?Austin API Summit 2018: Are REST APIs Still Relevant Today?
Austin API Summit 2018: Are REST APIs Still Relevant Today?
 
Are REST APIs Still Relevant Today?
Are REST APIs Still Relevant Today?Are REST APIs Still Relevant Today?
Are REST APIs Still Relevant Today?
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
 
Extend soa with api management Sangam18
Extend soa with api management Sangam18Extend soa with api management Sangam18
Extend soa with api management Sangam18
 
REST APIs
REST APIsREST APIs
REST APIs
 
Role of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EIRole of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EI
 
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
 
APIdays San Francisco, 06/22/2013
APIdays San Francisco, 06/22/2013APIdays San Francisco, 06/22/2013
APIdays San Francisco, 06/22/2013
 
From Web APIs to Cross-Device Web Sites
From Web APIs to Cross-Device Web SitesFrom Web APIs to Cross-Device Web Sites
From Web APIs to Cross-Device Web Sites
 
Modern REST API design principles and rules.pdf
Modern REST API design principles and rules.pdfModern REST API design principles and rules.pdf
Modern REST API design principles and rules.pdf
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
 
APIdays Helsinki 2019 - GraphQL API Management with Amit P. Acharya, IBM
APIdays Helsinki 2019 - GraphQL API Management with Amit P. Acharya, IBMAPIdays Helsinki 2019 - GraphQL API Management with Amit P. Acharya, IBM
APIdays Helsinki 2019 - GraphQL API Management with Amit P. Acharya, IBM
 
RefCard API Architecture Strategy
RefCard API Architecture StrategyRefCard API Architecture Strategy
RefCard API Architecture Strategy
 
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
 
The DNA of a great API
The DNA of a great APIThe DNA of a great API
The DNA of a great API
 
Overview of Rest Service and ASP.NET WEB API
Overview of Rest Service and ASP.NET WEB APIOverview of Rest Service and ASP.NET WEB API
Overview of Rest Service and ASP.NET WEB API
 
Building high performance microservices in finance with Apache Thrift
Building high performance microservices in finance with Apache ThriftBuilding high performance microservices in finance with Apache Thrift
Building high performance microservices in finance with Apache Thrift
 

Más de apidays

Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
apidays
 

Más de apidays (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
 
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
 
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
 
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
 
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
 
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
 
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
 
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
 
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Último (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus de Diego, Adidas

  • 1. Multi-Protocol APIs at Scale in Jesus de Diego adidas API Platform 2021 API
  • 2. Bio Jesus de Diego Software Engineer Software Architect Worked with APIs for 15 years Right now working with the adidas API Platform
  • 3. What is this about?
  • 4. Agenda 1. API Landscape 2. Multi-Style APIs? 3. The Gateway to APIs 4. Issues 5. One specification to gather all APIs? 6. Putting all together 7. Take Aways
  • 6.
  • 7. +400HTTP based APIs +300API Owners +153m requests a day +1000API Consumers
  • 12. MSA Microservices-based applications overcome the biggest limitations of traditional, monolithic applications. A microservices-based application architecture (MSA) breaks a monolith into its component services and running each component as an autonomous application (microservice). Some basic rules have to be followed: Single responsibility, well defined autonomous functional area, non-shared data source, isolated data boundaries, and others. Each microservice exposes one or more APIs. MSAs have increased the need to count on having HTTP-based APIs as the primary (there are other options like Kafka) way of communication between microservices.
  • 13. RPC (Remote Procedure Call) ● REST predecessor from 1970s ● Invoke a function on a remote server in a particular format and receive a response in the same format ● With an RPC API, the method is found in the URL. The arguments that invoke the methods are found in the query string. POST /deleteResource (with a query string that says { “id”: 3 } )
  • 14. REST (Representational State Transfer) The key concepts are RESOURCE, STATE (resource representation) and DATA (media) FORMAT. According to Roy Fielding, an API qualifies as “RESTful” when it meets the following constraints: • Uniform interface • Client-server independence • Stateless • Cacheable • Layered The client does not build URLs (mimicking the web browser that just follows the URL to find a resource). API clients never have to understand the format of the URLs. These formats are not part of the API spec provide to the API consumers.
  • 15. We can face certain problems in our REST APIs • Long Running Tasks • Blocked connections • No server notifications • No streaming • No broadcasting information (subscriptions) • Etc..
  • 16. Websockets It’s a protocol (ws/wss) in the OSI model (7) compatible with HTTP Supported by most browsers Full Duplex communication Streams of messages on top of TCP Note: Supported by Kong API Gateway (ws/wss)
  • 17. High Performance • Compact Binary Exchange Format • Make API Calls to the Server like they were Client local • Cross Language/Cross Platform • Auto-generate API definitions for idiomatic client and server –just implement the interfaces Uni/Bi-Directional Streaming • Pluggable support for streaming with HTTP/2 transport
  • 18. gRPC Capabilities Request/Response service NotificationsService { rpc GetNotifications(Empty) returns () {} } Unidirectional stream service NotificationsService { rpc SubscribeNotifications(Empty) returns (stream Event) {} } Bidirectional stream service NotificationsService { rpc ExchangeNotifications(stream Event) returns (stream Event) {} }
  • 19. gRPC Pros/ Cons Remarkable • Microservices, Web Apps, Mobile apps can produce and/or consume streams of data. • Regular Request/Response is faster and more efficient when handling heavy payloads. Ideal for IoT or low-bandwidth networks. PROs Good tooling. Multi language supported. Fast, efficient, two-ways streaming, etc. CONs Not so popular in the development community. API Contract is strictly service description. CONCLUSION Not needed if you handle low/medium payload size and you do not need streaming.
  • 20. gRPC Fast Readings gRPC Official Site Protocol Buffers discussion group Defining the API Contract: protobuf/gRPC gRPC Kafka Streaming Demo
  • 21. What’s this? • Based on a data graph (a hierarchy of types with fields). • The data graph is populated by other services. • The data graph can be queried by using a SDL (Schema Definition Language) which is defined by the API Producer. • The SDL defines a collection of types and the relationships between those types. • It supports mutations on the data (updates and inserts). • Focused on the needs of the client. API consumers get the data they need in the shape they want.
  • 22. • Data Schema -> API Contract • Queries and Mutations • Arguments (scalars and objects) • Variables • Single endpoint • Introspection • Streaming is supported for subscriptions (long-lasting GraphQL read operations that can update their result whenever a particular server-side event occurs) . • Different implementations (server library and client) pos t What’s this?
  • 25. • Avoid the REST waterfall • Get the right amount of data • Tolerate incremental changes in the data schema Promises
  • 26. Pros Cons • Overfetching, underfetching? Avoid the REST waterfall • Limited amount of tooling for GraphQL. • Is the schema (the .graphqls file) the API Contract? • Better adaptation to changes in the API contract for API consumers. • Need to define the data schema, mutations and implement resolvers for mutations and queries. • Sources: REST APIs, Data sources. • Supported by many programming languages. • Possible added latency. Is cache broken? • Proxy caching and rate limiting on top of GraphQL is key.
  • 27. GraphQL Fast Readings GraphQL Official Site GraphQL Specification GraphQL Contract Testing with Pact Getting started with GraphQL Java and Spring Boot GraphQL Subscriptions
  • 28. What is this? • An API technical specification for Event-Driven Architectures (EDAs) • It is not specifically about Streaming (it also exists in gRPC and GraphQL) • It is based on OAS. So, we’ll find similarities.
  • 30. Main Features • Supported protocols • AMQP, Websockets, KAFKA, MQTT, HTTP/x • Servers define the URL of the broker or server • Security • User/Password • Certificates • API Keys • OIDC • OAuth2
  • 33. When is each API style good for? REST • It is still the default option for HTTP based APIs • Non-blocking REST APIs are a good solution to improve performance and consumption of resources gRPC • You need real-time-like flows • You handle really big payloads • You work with low bandwidth scenarios • You need streams GraphQL • You need subsets of data • You frequently change the sub-set of data you need • You need streams AsyncAPI • Related to Event Driven architectures • You need streams
  • 34. API Styles • They are a part of the architectural layout, especially MSAs • Best adaptation to Business requirements (Functional and Non-Functional) • Availability of resources (memory, CPU, bandwidth) Tools • Adhere to a standard better than to a tool or toolset Protocols • HTTP is not 1.1 any longer • New HTTP versions (2, 3) are more capable and we have to take advantage of their features as they are stable Event Driven APIs • Preferably using AsyncAPI • Ideal for Event Streaming Engines: Kafka, Spark Streaming… Boundaries and Clear Principles
  • 36. 1. Foundation for Data Product APIs 2. HTTP 2/3-based APIs provide streaming of data with balance in a resilient way 3. API Gateways work well with HTTP 2/3-based APIs 4. Streaming Engines (Kafka) offer production/ consumption of events in EDAs 5. HTTP 2/3-based APIs can extend the propagation of events as streams beyond Kafka boundaries 6. The solution is part of the architectural design, stakeholders, client apps and systems 7. It makes sense to think of this landscape as a unitary point of view: Data Product integration across different systems and boundaries Multi-Protocol Integration?
  • 37. API Registry • A fundamental tool to register API descriptions for Multi-Protocol APIs. • The API Registry has to be compliant with tech API specs (OAS, protobuf, AsyncAPI). • It can include design capabilities and a lifecycle for versions. • It allows integrations (testing, source code, mocked server, etc). • API descriptions have to be available via API to be aggregated and handled.
  • 38. API Registry The reality is, support to non-OAS APIs is still partial, non- intuitive, not supporting design functionalities. The target is to have an API Registry with all these features supporting first OAS and AsyncAPI, gRPC and GraphQL at a later stage.
  • 40. Why to use an API Gateway?
  • 41. API Gateway as an Architectural Pattern ● Isolates the consumer from the service ● Applies specific features to specific consumers ● Applies security restrictions before touching the services ● It is highly available and uses load balance strategy ● Reduces the number of requests/roundtrips ● Better adaptation of APIs to consumers ● It allows strategies like Blue/Green deployments or Canary releases
  • 42. API TEAM / CREATING APIS @ADIDAS Big Picture 3-JUN-21 42 Git API Registry CI/CD API Gateway K8s Platform API Consumer API Description API Description Service Implementation Style Guide Dredd Plug-in Git integration adidas team APIs Documentation Mock Service Analytics Admin API GatewayToolbelt 2 3 4 5 6 7 1 1 Design 2 Develop 3 Deploy 4 Publish 5 Use 6 Analyze 7 Update Security Checks Runscope ELK SpectralPlug-in Spectral
  • 43. API Authentication and Authorization ● API Key (Key Auth) ● OIDC (integration with Azure AD and others ID Providers)
  • 44. API Security Criteria ● Check your API is not vulnerable ● Alignment with Load Balancer other services ● Use the OWASP Security Top 10 as the main reference ● Create specific tests to meet these rules
  • 45. API Security Measures ● Authentication/Authorization checks (all possible ways) ● Never rely on client for anything important ● Define response schemas ● Set up a short life for your tokens! ● Limit the rate of requests ● Never return raw data directly from the database ● Sanitize all inputs, even from internal consumers ● Use CORS filtering ● Use always WAF & Bot detection
  • 46. ● --- ● apiVersion: configuration.konghq.com/v1 ● kind: KongPlugin ● plugin: rate-limiting ● metadata: ● name: xxx-rate-limiting ● annotations: ● kubernetes.io/ingress.class: adidas-kong ● config: ● second: 100 ● hour: 10000 ● policy: redis ● redis_host: ratelimit.kong.svc.cluster.stg API Rate Limiting Consumer Quota Burst Limit Resources Security
  • 47. ● --- ● apiVersion: configuration.konghq.com/v1 ● kind: KongPlugin ● plugin: proxy-cache ● metadata: ● name: pc-att-marking-code-api-cache ● annotations: ● kubernetes.io/ingress.class: adidas-kong ● config: ● cache_ttl: 120 ● strategy: memory API Performance + Cache
  • 49. ● --- ● apiVersion: configuration.konghq.com/v1 ● kind: KongPlugin ● plugin: request-transformer ● metadata: ● name: pc-att-markingapi-movementsapi-tagsapi-reqt ● annotations: ● kubernetes.io/ingress.class: adidas-kong ● config: ● replace: ● uri: /$(uri_captures[1])$(uri_captures[2])
  • 54. BASICS Tool: the API Gateway (Kong) Features: Non-Functional Requirements (from Business Analysis) Extra cost: Fixed cost and cost per incoming request
  • 57. Ingress ACL Plugin Key Auth (API Key) Plugin
  • 60. API Registry & API Description Management: ● APIs are managed as individual isolated items ● The defined data domain in each API is not correlated to the Data Catalog ● They do not describe how they can be consumed ● They do not include relationships to other APIs ● They do not involve Enterprise API features Issues
  • 61. Issues API Gateway Operations: ● Description of APIs do not include Enterprise API features based on Non- Functional Requirements ● They do not include integration with other layers in the network (e.g. Load Balancers, WAF) ● API Consumers are managed manually ● There is not a unique source of truth agreed by all stakeholders which is the very base for automatic processes ● Enterprise API information is spread across multiples files as annotation values
  • 62. Business ● Integration by API consumers (internal and external) is a slow process (KPI: Consumer Engagement Time) ● Rolling Out a new Enterprise API is slow (KPI: API Time To Market). ● Integration does not cover everything, just partial areas of the surface of a Data Domain (KPI: Operational Scope Coverage) ● API Consumer development cost increases (KPI: API Consumer Cost) Issues
  • 63. In summary, a great number of APIs in a company is a success but it is dangerous. The number of API producers and consumers grows and it can not be handled easily The API Gateway provision is the right way but it requires a lot of information that API tech specs do not consider. Issues
  • 65. What is Metadata? Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. What is Technical Metadata? Technical metadata (also called structural metadata) describes how the data is arranged and displayed to users by describing the structure of the data objects—such as tables, columns, rows, indexes, and connections. Technical metadata tells data professionals how they will need to work with the data—for example, if they can work with it as is, or if they need to transform it for analysis or integration.
  • 66. Integration Specification Based on API Technical Metadata API Technical Metadata describes what one or several APIs are structured, the data domain they manage and the connections to dictionaries, the ways of usage, connections to other APIs and how can they work together. Why? To allow integration, API discovery, quick engagement, uniform application of configuration to allow APIs to be released in an Enterprise API way.
  • 67. Integration Specification Targets To have the unique source of truth for API Automation processes. To allow the description of access to Data Products
  • 72. Integration Specification Technical Contract ● Non-Functional ● Accessibility ● Availability
  • 73. Integration Specification Main Features Multiple Dimensions: Individual API, Group of APIs API Style Seamless: Composing groups of APIs of different styles Consistent: Data Domains are compliant with company dictionary (EDC) Non-Functional Behavior: Capacity, scalability, performance, rate limits, etc. Security: Authentication, Authorization, restrictions Consumer Oriented: Discovery, Engagement, Usage Semantics
  • 78. The Integration Hub App ● Unique entry point for Data Product and API inter-actions. ● Connected to the Data Catalog, API Registry, ID Provider, LeanIX Inventory. ● It manages the changes in the Integration Specification files. ● These changes trigger the build pipeline to make the changes in the API Gateway configuration
  • 80. Use Case: New Consumer for 1 or multiple APIs
  • 82. Use Case: Changing NFRs in an existing API
  • 84. Take Aways ● Large companies using APIs are increasingly using multiple API styles and protocols as a better fit to meet business expectations and produce better APIs, more adapted to Business requirements, being more efficient in resource consumption. ● Using an API Registry and an API Gateway has to allow the usage of Multi-Protocol/Style APIs (e.g. gRPC endpoints, GraphQL cache) ● API Specifications (OAS, AsyncAPI, etc) are just technical references and they do not cover all the operational aspects in the API lifecycle. ● API Specifications handle APIs as isolated items, not covering integration and operations.
  • 85. Take Aways ● We need the Integration Specification to fill all these gaps in APIs description. ● The Integration Specification is useless without the Integration Hub Application, including: ● Interpreter ● API Browser ● API Search ● Subsequent changes in manifest files ● CD Pipelines
  • 86. Next Steps Our agenda with the Integration Specification: ● Establish the links between APIs using multiple protocols and styles to describe access to greater entities (Data Products). ● Link APIs with Enterprise Data Domains and Dictionaries (Data Catalog) to enable Data Product and API Search and Discovery. ● Apply Security constraints and Non-Functional Requirements and protection uniformly via API Gateway configuration. ● Make the Integration Hub Application and the whole Enterprise API Lifecycle ● In summary, the Integration Specification is going to be the base for automatic provision and management of Adidas APIs.