2. Uchit Vyas
• Technologist @ Heart
• DevSecOps Practitioner
• One of the top 50 DevSecOps influencers in the world
• Enterprise Solution Architect
• Infrastructure analyst
• Quality engineering enthusiast
• Technical author and Speaker
• To know more, go to www.hellouchit.com
3. API Market Stats
• 60% of eBay listings are via API
• 50% of Salesforce transactions come from APIs
• Google receives 5 billion API calls daily
• Netflix receives 10 billion API calls daily
Source & Credit: https://medium.com/pdf-generator-api/api-easy-understandable-and-quick-tutorial-for-everyone-2ba985633e1c
4. Key Statements about APIs from Survey
• Companies are using more internal APIs than external APIs.
• Internal API usage increases significantly with company size.
• Coding experience correlates with API usage.
• VMs remain the most common API deployment, with Serverless close behind.
• Developers are most interested in Serverless & FaaS and GraphQL.
• AWS is the most popular API gateway, and Postman is the most popular API design tool.
Source & Credit: https://rapidapi.com/wp-content/uploads/2020/10/2020DevSurvey-Report.pdf
5. What to measure in API Quality?
• Resilient
• Robust
• Secure
• Discoverable
• Consistent
Source & Credit: https://devops.com/why-api-quality-is-top-priority-for-developers/
8. Robust
“NOT” only automated test suites
• Edge cases
• Unexpected code branches
Fuzz testing should be enabled
• To uncover hidden execution paths
Canary and Blue-Green Deployments
• Can help further expose the API to unexpected requests
9. Secure
• Vulnerable dependencies
• OWASP guidance
• Attack mitigation strategies such as CORS and CSRF protection
• Application logic must be well tested for authorization and authentication.
10. Discoverable
• Open API Initiatives
• Spring Boot frameworks to generate OpenAPI documentation directly from your code
• gRPC-based APIs accessing the API and building the clients to communicate with it
• GraphQL allows developers to connect multiple APIs together with consistent tooling
12. Problem statements
• Teams are preparing service API contracts in silos
• Service API contracts are verified and tested in SIT/UAT phases
• Troubleshooting to identify the root cause is a cumbersome process
• End-to-End (E2E) environment issues
13. Ripple Effect
• Delay in release cycles
• More and more production fixes (CRs)
• Loss of trust from
• Customers
• Management / Leadership
• Waste of manpower / bandwidth usage for troubleshooting
14. Possible Solution Approach
• Standardized templates to design specs
• Design gap detector process
• Centralized user management & RBAC
• Integrated version control system within Service Contract Design steps
• Auto-generated API stubs, test cases, and pipeline triggers for verification
• E2E API contract mapping
17. Possible Benefits
• Early detection of API design gaps
• A failed result tells exactly what is causing the break and which system it is coming from
• More automated collaboration
• Transparent and automated Service Contract Verification using auto-stubs and orchestration services
• Failed test results are due to real system errors and not because of flaky infrastructure
• Blameless culture adoption for E2E process
• Easy troubleshooting
18. Key impacts
• Fail fast for more collaboration
• Automated verification and validation of designs
• Blameless culture adoption for E2E design process
19. Connect with me for more…
contact@hellouchit.com
www.hellouchit.com