API First Workflow: How could we have better API Docs through DevOps pipeline

Apr 21, 2021Download as pptx, pdf

1 like377 views

The document outlines the API first workflow, contrasting current code-first processes with a design-first approach aimed at enhancing API documentation through a DevOps pipeline. It discusses various tools, use cases, and steps involved in the API development lifecycle, including automation, continuous integration, and documentation generation. The goal is to improve efficiency and usability for developers, testers, and stakeholders by utilizing an API specification early in the process.

Most read

API First Workflow:
Better API Docs through a DevOps
pipeline
Yantian You
yantian.you@sas.com
API Integration Engineer @SAS

AGENDA
01
02
Current API Process (Code first)
vs API First (Design First)
API First Workflow / Vision
03 Use cases and examples

Developers Testers Reviews
Documentation
Code first

Developers
Documentation Continuous Delivery
OpenAPI 3.0 Specification
Testers
Product
Manager
Design First

API First Roadmap
Planning Mindset
Automation (CI/CD)
Efficiency Usability

API Design API Specification Tool chain APIs
tests
documents
Code
template
Mock
services Cloud
Platform
Security
check
Other docs
A Quick Overview

Development Cycle
Continuous Integration
Mock
Server
Lint
Team
Review
Rejected
Approved
Merge to
Master
Server Code
Generated (Boiler
Plate)
Mock Server
Started
Documentation
Generated
Development Cycle Continued
Testers /
PreSales
Tech
Writers
Edits
Contract testing
Testers
test Code
Developer
adds logic
Commits code
Tests Fail
Tests
Pass
Final
Team
Review
Publish API
Write
OpenAPI
Pull
Request
Client Code
generated
API
Spec
Key
Human
Automatic /
Machine Done
Fail
Pass
…
Let’s go deeper into it

Design Workshop
Stoplight Studio
Swagger Editor
Apicurio
Spec gen tool(Web/GUI)
Opensource
API Specification
Product manager + Customer +
Stakeholder + Testers + Developers
How to get an API Spec at the very beginning?

API First Workflow: How could we have better API Docs through DevOps pipeline

API
Dev
Mock
server
Server
code
Client &
Test
Deploy on k8s
cloud server
Push to git
platform
Review &
pull the
branch
Doc gen
Input
Deepmap
OpenAPI -
Gen
Swagger-
Gen
Code gen tool (Containers)
Prism Apisprout
Mock tool (Containers)
Opensource
Opensource
Doc
Initial
Spectral
Opensource
Linting tool(Containers)
API Spec Spec linting
Test &
Review &
Merge
contract/smoke/unit
Test

Input
API Spec Tool Box 1 Tool Box 2 Tool Box 3 Tool Box n
For local run and testing:
Tooling containers & Sage tools(= Sas + mage)
For running in the pipeline:
Using the same tooling containers
OpenSource tools in the pipeline

Building the mock server
Take API Specification as the input, run prism
tool for building a mock service
• Build the mock server locally
• Build the mock server through the
pipeline - auto-deploy to a k8s cluster
with istio configured. Each of the API
mock service will have a unique
hostname
• Testers could start playing around the
mock services even before the real
service comes out
API Spec
Local mock Assign a namespace
Configure ingress rule
Deploy the services
Remote mock

Input
API Spec Tool Box 1 Tool Box 2 Tool Box 3 Tool Box n
New Tool 1
New Tool 3
Tools in the future

The document outlines best practices for managing OpenAPI specifications at scale, emphasizing the importance of a detailed and accurate specification file. It discusses macro trends driving the need for composable APIs, and suggests strategies to enhance adoption, such as encouraging collaboration, investing in a centralized registry, and treating OpenAPI files as critical assets. Key recommendations include fostering accessibility, automating consistency, and using versioning effectively.

Building APIs with the OpenApi SpecPedro J. Molina

The document outlines the importance of APIs in the current tech landscape, discussing the OpenAPI standard as a formal contract for REST APIs that aids in system integration. It covers various aspects of API development, including use cases, versioning, and management tools, while also emphasizing the need for a robust ecosystem surrounding APIs. Additionally, it highlights the transition from Swagger to OpenAPI 3.0 and various resources for API documentation and management.

Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...HostedbyConfluent

The document discusses event-driven APIs and schema governance within the context of Apache Kafka, emphasizing the importance of contract-first API development to improve collaboration, consistency, and integration among teams. It introduces the Apicurio Registry as a solution for managing various schema types and enforcing compatibility and validity rules, highlighting features such as support for multiple formats and version control. Additionally, it outlines the challenges faced in Kafka environments regarding data types and schema changes.

Designing APIs with OpenAPI SpecAdam Paxton

The presentation by Adam Paxton on March 23, 2018, introduces the OpenAPI Specification, a standard way to describe REST APIs that enhances design consistency and documentation. It discusses tools such as Swagger Editor, Swagger UI, and Swagger Codegen for designing, documenting, and generating API code. The session also demonstrates the use of OpenAPI with Node.js and highlights the benefits of using OpenAPI in collaborative development environments.

Security in CI/CD Pipelines: Tips for DevOps EngineersDevOps.com

The document outlines best practices for integrating security testing in CI/CD pipelines, emphasizing the importance of automating security processes to adapt to agile and DevOps environments. It discusses various testing methodologies such as static, dynamic, and interactive application security testing, their advantages, challenges, and recommends tools for each. The content also highlights the significance of prioritizing vulnerabilities and implementing effective workflows to address security issues in development processes.

Api design best practiceRed Hat

The document discusses API design best practices. It begins with an overview of API lifecycles and introduces two approaches to API design: design first and code first. It then outlines several design principles for APIs, including treating APIs as products and focusing on developer experience. The document also discusses OpenAPI Specification 3.0 and tools for API design like Stoplight, Restlet, and Apicurio. It concludes with complementary tools for API testing, mocking, and design.

What Is Selenium? | Selenium Basics For Beginners | Introduction To Selenium ...Simplilearn

The document discusses the evolution of software testing, focusing on manual testing's challenges and the advantages of automation through Selenium, an open-source testing tool. It details the components and capabilities of the Selenium suite, including Selenium IDE, Remote Control, WebDriver, and Grid, highlighting their functionality and intended use. Additionally, it addresses the jobs associated with Selenium and provides insights into salaries for automation engineers in different regions.

Selenium Tutorial For Beginners | Selenium Automation Testing Tutorial | Sele...Simplilearn

The document discusses manual testing and its limitations, highlighting its time-consuming nature and error risk compared to automated testing using Selenium. Selenium, developed to automate web application testing, offers multiple tools such as Selenium IDE, Selenium RC, and Selenium WebDriver, each with unique features and limitations. It emphasizes the advantages of Selenium in terms of speed, accuracy, and support for multiple programming languages and platforms while noting its limitations, including lack of reliable tech support and built-in reporting.

Azure API ManagementDaniel Toomey

The document discusses the strategic importance of Azure API Management in driving digital transformation through APIs. It outlines various features of Azure API Management including API lifecycle management, security measures, and integration capabilities, emphasizing its role in enhancing user engagement and business agility. Additionally, it provides resources and insights for utilizing API Management effectively in enterprises.

Introduction to AWS API Gateway PresentationKnoldus Inc.

The document outlines the etiquette and expectations during AWS API Gateway sessions, including punctuality and constructive feedback. It explains what an API Gateway is, along with various use cases and scenarios demonstrating its functionality, particularly in AWS. Additionally, it describes Amazon API Gateway as a managed service that facilitates the creation, monitoring, and security of APIs at scale.

Adopting a Design-First Approach to API Development with SwaggerHubSmartBear

This document discusses adopting a design-first approach to API development using SwaggerHub. It outlines the risks of a code-first approach, such as inconsistencies across teams and building the wrong thing. A design-first approach encourages early discussion with stakeholders. SwaggerHub helps with this approach by providing tools for documentation, collaboration, API modeling and prototyping, virtualization, and code generation to generate client SDKs and server stubs from the API design.

Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinVietnam Open Infrastructure User Group

This document discusses using Ansible for automation across various IT use cases. It provides examples of how Ansible can be used for infrastructure orchestration, patch management, network automation, and managing various network devices and platforms including Cisco, Palo Alto, and Fortinet devices. It also provides examples of playbooks for tasks like provisioning servers, configuring firewall rules, and checking for configuration drift. Overall it promotes Ansible as a simple, agentless, and extensible automation tool that can automate technologies across IT operations, DevOps, security and more.

[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran

The document discusses the challenges and opportunities in DevSecOps, emphasizing the importance of tool adoption, constant feedback, and managing application security with practices like SAST, DAST, and OSS. It provides insights on onboarding processes, tool effectiveness, and practical strategies for managing security issues and zero-day vulnerabilities. The author advocates for developer engagement and effective monitoring to enhance security in production environments.

Api typesSarah Maddox

This document classifies and describes different types of APIs. It discusses web service APIs like REST and SOAP, library-based APIs that interface with programming languages like JavaScript, class-based APIs for platforms like Java and Android, OS APIs that allow access to system functions and hardware, and object remoting APIs like CORBA. Examples are provided for many API types. The document is intended to provide an overview of the various ways that software applications can communicate through defined programming interfaces.

02 api gatewayJanani Velmurugan

This document discusses API gateways as a solution for challenges that arise in microservices architectures. It describes how a monolithic architecture can become complex as services grow quickly. In a microservices architecture, clients could communicate directly with each service but this introduces problems around endpoint management, multiple requests, and refactoring difficulties. An API gateway provides a single entry point, routes requests to appropriate services, and aggregates results to address these issues. It then demonstrates Netflix Zuul, an open source API gateway, and provides a demo of its use with Eureka service discovery and routing between hello and goodbye microservices.

SeleniumRuturaj Doshi

Selenium is a suite of tools to automate web application testing through a browser. It includes Selenium Core for running tests directly in the browser, Selenium RC for controlling the browser from an external program, and Selenium IDE, a Firefox plugin for recording and playing back tests. Selenium supports multiple programming languages and browsers, uses locator strategies like IDs and XPath to find elements, and has add-ons for tools like FireBug to aid in test development.

SonarQube - The leading platform for Continuous Code QualityLarry Nung

SonarQube is a leading platform for continuous code quality that allows developers to write clean code, detect bugs across 20+ programming languages, and integrate with DevOps tools like Jenkins. The document discusses getting started with SonarQube by setting up the Windows service, MySQL database, security, plugins, rules, quality profiles, and quality gates. It also covers project management, remote access, using the SonarQube scanner for MSBuild, and integrating SonarQube with Jenkins for continuous code quality.

Introduction to Kong API GatewayYohann Ciurlik

This document provides an overview of Kong, an open-source API gateway. It discusses that Kong is a cloud-native, scalable middleware between clients and APIs, and supports features like authentication, security, traffic control, and analytics. The document also summarizes the Community and Enterprise editions of Kong, including that the Enterprise edition provides additional capabilities like an admin GUI, API analytics, and support. It concludes with an example of using Kong to expose an API and discusses benefits and concerns of Kong.

APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays

This document discusses approaching API security for multicloud environments using an abstraction called "Metacloud." It notes that as cloud deployments become more complex with multiple APIs, security risks increase. The document proposes addressing this by abstracting resources across clouds to reduce complexity and enable common security practices. This involves automating API access, data processing, services, and platforms to create a unified "Metacloud" or "Supercloud." The goal is to orchestrate security, observability, access management and other functions to help manage risk at scale across multiple cloud providers.

DevOps - A Gentle IntroductionGanesh Samarthyam

DevOps is a set of practices intended to reduce the time between committing a change to a system and deploying it to production while ensuring high quality. It focuses on bridging the gap between developers and operations teams. Key DevOps principles include systems thinking, amplifying feedback loops, and a culture of experimentation. DevOps aims to achieve continuous delivery through practices like automated deployments, infrastructure as code, and deployment strategies like blue-green deployments and rolling upgrades.

Jenkins OverviewAhmed M. Gomaa

2019 DevSecOps Reference ArchitecturesSonatype

Test Automation Frameworks: Assumptions, Concepts & ToolsAmit Rawat

The document discusses factors to consider when selecting a test automation framework. It describes how there are many options for frameworks available and outlines important criteria to evaluate, such as flexibility, ability to support different applications and interfaces, tool and language independence, parallel execution, and design patterns. The presentation provides examples of different types of frameworks and discusses strategies for building frameworks that can scale and evolve with changing needs.

SonarQube OverviewAhmed M. Gomaa

Microservices & API Gateways Kong Inc.

The document discusses the pros and cons of monolithic versus microservice architectures and the role of API gateways in microservice management, using Kong and NGINX as examples. It outlines benefits such as better agility and scalability in microservices, while also addressing challenges like infrastructure complexity and testing difficulties. Additionally, it explains how Kong functions as an API management layer, highlighting its features such as authentication, traffic control, and support for various plugins.

Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech

Sonar is a software quality management platform that enables developers to access and track code analysis data ranging from styling errors and potential bugs to code defects, duplications, lack of test coverage, and excess complexity. It supports over 20 programming languages. Some key features include over 600 coding rules, standard software metrics, the ability to drill down to source code details, a time machine feature to analyze technical debt and code smells over time, security measures, an extensible plugin system, and integrations with tools like Jenkins. Sonar also covers 7 axes of code quality and has an architecture that allows for analysis of code in a continuous integration workflow.

SonarQube Presentation.pptxSatwik Bhupathi Raju

SonarQube is a popular tool for code quality analysis in web development, offering static code analysis, code coverage, and duplication analysis. It enables developers to identify and prioritize code quality issues through integrated tools like Maven and Jenkins, along with quality gates that enforce coding standards. By using SonarQube, developers can improve software quality, reduce technical debt, and minimize the risk of bugs and security vulnerabilities.

SonarQubeGnanaseelan Jeb

This document discusses SonarQube and the seven deadly sins of software development it helps identify. It begins by introducing SonarQube and its role in separating developers from code quality issues. It then details the seven sins: 1) Violation of architecture layers, 2) Creating dependency cycles, 3) High cyclomatic complexity, 4) Lack of proper unit tests, 5) Undocumented source code, 6) Duplicate source code, and 7) Coding standard breaches. For each sin, it provides examples of how SonarQube detects and reports the issue. It concludes by categorizing the different issue types SonarQube identifies in terms of bugs, potential bugs, inefficiencies, and coding styles.

The API Lifecycle Series: Evolving API Development and Testing from Open Sour...SmartBear

This document summarizes an upcoming webinar on evolving API development and testing. The webinar will discuss: - Getting started with the OpenAPI Specification (OAS) and functional API testing using open source tools - The challenges of OAS development at scale including having specs in multiple places, collaboration needs, and integrating development into delivery pipelines - When open source tools are no longer sufficient and it's time to move to pro tools, such as when dynamic test data is needed, testing multiple environments, and including tests in CI/CD pipelines

Space Camp June 2022 - API First.pdfPostman

The document outlines an agenda for a workshop on API-first practices and includes sessions led by various advocates and representatives from companies like Stripe and Twitter. It emphasizes the importance of early feedback in API design, governance, and the OpenAPI specification for creating effective APIs. Participants are encouraged to ask questions and provide feedback throughout the day for a chance to win prizes.

More Related Content

What's hot (20)

Azure API ManagementDaniel Toomey

Introduction to AWS API Gateway PresentationKnoldus Inc.

Adopting a Design-First Approach to API Development with SwaggerHubSmartBear

Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinVietnam Open Infrastructure User Group

[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran

Api typesSarah Maddox

02 api gatewayJanani Velmurugan

SeleniumRuturaj Doshi

SonarQube - The leading platform for Continuous Code QualityLarry Nung

Introduction to Kong API GatewayYohann Ciurlik

APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays

DevOps - A Gentle IntroductionGanesh Samarthyam

Jenkins OverviewAhmed M. Gomaa

2019 DevSecOps Reference ArchitecturesSonatype

Test Automation Frameworks: Assumptions, Concepts & ToolsAmit Rawat

SonarQube OverviewAhmed M. Gomaa

Microservices & API Gateways Kong Inc.

Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech

SonarQube Presentation.pptxSatwik Bhupathi Raju

SonarQubeGnanaseelan Jeb

Azure API ManagementDaniel Toomey

Introduction to AWS API Gateway PresentationKnoldus Inc.

Adopting a Design-First Approach to API Development with SwaggerHubSmartBear

Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinVietnam Open Infrastructure User Group

[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran

Api typesSarah Maddox

02 api gatewayJanani Velmurugan

SeleniumRuturaj Doshi

SonarQube - The leading platform for Continuous Code QualityLarry Nung

Introduction to Kong API GatewayYohann Ciurlik

APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays

DevOps - A Gentle IntroductionGanesh Samarthyam

Jenkins OverviewAhmed M. Gomaa

2019 DevSecOps Reference ArchitecturesSonatype

Test Automation Frameworks: Assumptions, Concepts & ToolsAmit Rawat

SonarQube OverviewAhmed M. Gomaa

Microservices & API Gateways Kong Inc.

Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech

SonarQube Presentation.pptxSatwik Bhupathi Raju

SonarQubeGnanaseelan Jeb

Similar to API First Workflow: How could we have better API Docs through DevOps pipeline (20)

The API Lifecycle Series: Evolving API Development and Testing from Open Sour...SmartBear

Space Camp June 2022 - API First.pdfPostman

2022 APIsecure_Securing APIs with Open StandardsAPIsecure_ Official

Securing APIs with Open Standards provides tips for securing APIs from the Synack Red Team. It discusses using OpenAPI definitions to document APIs, embracing open box testing, and balancing security and adoption through developer relations. It also demonstrates how insecure user input validation can allow access to private data stored in AWS S3 buckets and how Salesforce record IDs can be brute forced to enable unauthorized access if not properly secured. The presentation emphasizes designing APIs with security in mind, adopting standards like OpenAPI, and balancing security testing with developer onboarding.

Why You Should Be Doing Contract-First API DevelopmentDevenPhillips

The document discusses adopting a contract-first approach to API development where the API contract is defined using OpenAPI before any code is written, which allows different teams to work in parallel without risk of integration issues, and tools can generate code stubs and tests from the contract to speed up development. It recommends designing the UI first through prototyping and user research to drive the API design, using a mock server during UI development for rapid iteration, and generating and validating the server implementation from the OpenAPI contract.

Spec-first API Design for Speed and SafetyAtlassian

The document discusses a spec-first approach to API development, emphasizing the importance of designing APIs as OpenAPI specifications to enhance collaboration and feedback among teams. It highlights the benefits of generating implementations from the specs, enabling effective contract testing, and improving the development process through tighter feedback loops. The document also provides tools and techniques for implementing this approach, aimed at reducing development time and increasing the usability of APIs.

The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...SmartBear

This document discusses design-first and code-first approaches to API development. It explores how existing services can leverage the OpenAPI Specification (OAS) and the benefits of each approach. Design-first allows for a single source of truth across design, development, testing and documentation. It enables early feedback and iteration. Code-first treats OAS as a byproduct of development and enables existing practices, but requires more customization. The document provides examples of how teams have implemented both approaches using SmartBear tools.

Api clarity webinarLibbySchulze

This document discusses the need for reconstructing API specifications from runtime traffic without source code access. It provides an overview of existing open source solutions and their limitations. It then introduces APIClarity, an open source tool that monitors API traffic using a service mesh to automatically generate OpenAPI specifications, allows users to review and approve specifications, and detects differences between specifications and runtime behavior. The document demonstrates APIClarity using a sample application and discusses plans for additional features.

OpenAPI Intro (1).pdfPostman

The document outlines a session on OpenAPI organized by Postman, focusing on its applications and best practices for designing APIs with an API-first approach. Attendees learned about reusable components, customization of generated collections, and the API producer lifecycle. Additional resources and future enhancements, including multi-file schema support and partner API networks, were also discussed.

APIdays Singapore 2019 - Bringing OpenAPI to devOps, Vincenzo Chianese, Softw...apidays

Vincenzo Chianese gave a presentation on bringing OpenAPI to DevOps. He discussed current usages of OpenAPI like documentation, code generation, and test automation. However, tooling has not fully caught up with the latest OpenAPI 3.0 specification. While some API gateways support OpenAPI, implementations can be difficult and OpenAPI's capabilities for describing runtime aspects of APIs are limited. Overall, better tooling and expanded OpenAPI specifications are still needed to fully bring OpenAPI to DevOps workflows and API management platforms.

Always up to date, testable and maintainable documentation with OpenAPIGOG.com dev team

The document discusses the challenges of maintaining accurate and complete API documentation, highlighting issues such as incompleteness and inconsistency that can hinder integration and increase costs. It emphasizes the importance of using API specification standards like OpenAPI to automate documentation processes and ensure that they are always up to date. Finally, it outlines a workflow for seamless documentation updates and testing implementation against specifications to improve API usability and reduce frustration.

API City 2019 Presentation - Delivering Developer Tools at Scale: Microsoft A...Joe Levy

The document discusses strategies for scaling developer tools within Microsoft Azure and Oracle Cloud by utilizing OpenAPI to manage multiple client types and maintain service consistency. It outlines the roles of different teams responsible for API specifications, client tools, and testing, as well as validation processes to ensure high-quality outputs. Both companies employ unique methods for addressing domain expressiveness and scaling development processes while maintaining adherence to design guidelines.

API Description LanguagesAkana

The document provides an overview of API Description Languages (API DL) and their significance in developing and managing RESTful APIs, highlighting options such as Swagger, RAML, and WSDL. It discusses the advantages and disadvantages of each language, as well as their community support, design approaches, and use cases. Additionally, it emphasizes the importance of documentation and the potential challenges in keeping it synchronized with production code.

API Description LanguagesAkana

This document discusses API description languages (APIs), comparing Swagger and RAML. It provides an overview of each specification and demonstrates how to define a sample wishlist API using Swagger via swagger-node-express and RAML. While both work well for RESTful APIs, RAML allows for more robust modeling and top-down design capabilities. The document considers issues like documentation approaches and generating documentation from code versus design.

Presentation at the 2016 Linux Foundation Collab SummitOpen API Initiative (OAI)

The document provides an overview of the Open API Initiative and the Open API Specification (OAS), highlighting its purpose as a vendor-neutral and portable standard for defining REST APIs. It details the evolution of OAS, its community-driven governance structure, and the advantages of adopting this specification for API development. The document also emphasizes the benefits of OAS including comprehensive tooling support and the ability to generate code from API specifications.

Service api design validation & collaborationUchit Vyas ☁

This document discusses service APIs and API quality. It provides background on Uchit Vyas and his experience in DevSecOps. It then shares statistics on API usage at companies like eBay, Salesforce, Google and Netflix. The document outlines key findings from an API survey, including most popular deployment methods, developer interests, and tools. It defines aspects of API quality like resilience, robustness, security, discoverability and consistency. Methods to achieve each quality are described, like chaos engineering, fuzz testing, security best practices and API documentation. The problem of siloed API contract design is discussed, along with potential solutions like standardized templates, design validation, and automated testing.

apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays

The document discusses the current state and trends in API usage and design, highlighting statistics such as 60% of eBay listings and 50% of Salesforce transactions being API-driven. It emphasizes the importance of API quality and resilience through practices like chaos engineering, robust testing, and standardized design processes. Additionally, it outlines common problems in API contract management and proposes solutions to improve collaboration and automate verification, ultimately fostering a blameless culture in development.

API Tools.pptxSubramanian Krishnan

apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays

The document outlines the processes and best practices in the Finastra API delivery pipeline, focusing on the importance of Open API specifications as contracts that require thorough reviews and standardization. It emphasizes the use of tooling for quality assurance, such as validation rules, compliance checks, and automation in CI/CD workflows. The document also discusses challenges in API review and standardization, with a vision for better tooling and self-service capabilities for API consumers.

API Versioning for Zero Downtime | Devoxx Belgium 2017Patrice Krakow

API versioning is important to balance the needs of API providers who want to frequently update their APIs, and API consumers who want APIs to remain stable. API versioning allows both groups to work together by allowing providers to release new versions while maintaining backwards compatibility for consumers. It provides a standard way (Semantic Versioning) to increment version numbers based on the type of changes - major for incompatible changes, minor for backwards-compatible new features, and patch for backwards-compatible bug fixes. This allows consumers to control when they upgrade to a new version.

Delivering Developer Tools at ScaleOracle Developers

This document discusses delivering developer tools at scale for Oracle Bare Metal Cloud Services. It outlines the challenges of supporting many programming languages, tools, services, features and rapid innovation with a small team. The solutions discussed are using Swagger to declaratively describe APIs, open sourcing tools to engage the community, and maintaining API consistency. It also addresses handling multiple release scopes by using custom fields in the Swagger specification.

The API Lifecycle Series: Evolving API Development and Testing from Open Sour...SmartBear

Space Camp June 2022 - API First.pdfPostman

2022 APIsecure_Securing APIs with Open StandardsAPIsecure_ Official

Why You Should Be Doing Contract-First API DevelopmentDevenPhillips

Spec-first API Design for Speed and SafetyAtlassian

The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...SmartBear

Api clarity webinarLibbySchulze

OpenAPI Intro (1).pdfPostman

APIdays Singapore 2019 - Bringing OpenAPI to devOps, Vincenzo Chianese, Softw...apidays

Always up to date, testable and maintainable documentation with OpenAPIGOG.com dev team

API City 2019 Presentation - Delivering Developer Tools at Scale: Microsoft A...Joe Levy

API Description LanguagesAkana

Presentation at the 2016 Linux Foundation Collab SummitOpen API Initiative (OAI)

Service api design validation & collaborationUchit Vyas ☁

apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays

API Tools.pptxSubramanian Krishnan

apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays

API Versioning for Zero Downtime | Devoxx Belgium 2017Patrice Krakow

Delivering Developer Tools at ScaleOracle Developers

More from Pronovix (20)

By the time they're reading the docs, it's already too latePronovix

The document discusses the importance of documentation in developer relations, emphasizing that developers typically research and evaluate technology before accessing docs. It highlights the interconnectedness of marketing, education, and documentation in shaping developer perceptions and experiences. Additionally, it stresses the need for cross-team coordination to provide a seamless developer experience.

Optimizing Dev Portals with Analytics and FeedbackPronovix

The document discusses optimizing developer portals through analytics and feedback, highlighting the unique challenges and opportunities involved. It emphasizes the importance of modern product development approaches, such as experimentation, to prioritize outcomes over outputs, reduce uncertainty, and improve user engagement. Recommendations include maintaining an experimental mindset, focusing on learning from experiments, and using multiple key measures for success.

Success metrics when launching your first developer portalPronovix

The document outlines the journey and success metrics for launching Fiserv's developer portal, aiming to enhance the developer experience through a unified and consistent interface. Key success criteria include achieving high NPS scores, quick onboarding for product teams, and engaging over 100 participants in a hackathon. The document emphasizes the importance of addressing core problems and iterating quickly based on user feedback.

Documentation, APIs & AIPronovix

This document discusses challenges with API integration and proposes augmented approaches using AI. It notes that API integration takes a long time on average of 700 days due to difficulties understanding documentation, requirements, and ecosystems. Common obstacles include domain modeling, use cases, documentation quality, and access issues. The document advocates improving documentation to explain business and product aspects beyond technical references. It envisions next-gen integration using AI like NLP to help analyze APIs and generate integration code on demand. This could enhance documentation with interactive capabilities and help applications autonomously discover and connect APIs.

Making sense of analytics for documentation pagesPronovix

The document discusses the role of analytics in understanding user engagement with documentation pages, emphasizing what metrics can and cannot reveal about user behavior. It outlines key metrics, the analytics process, and guidelines for interpreting metrics, stressing the importance of considering additional data sources and context. The summary stresses that while analytics can provide insights, they do not represent reality and should be supplemented by understanding user needs and content quality.

Feedback cycles and their role in improving overall developer experiencesPronovix

This document discusses the importance of feedback cycles in enhancing developer experiences, focusing on various aspects such as developer journeys and the value of adoption. It outlines different feedback modes, roles, and cycles, emphasizing documentation and community engagement as crucial elements for successful developer programs. The document also features tools and resources available for developers in the Spotify ecosystem.

GraphQL Isn't An Excuse To Stop Writing DocsPronovix

Roy Derks discusses the importance of documentation, particularly in the context of GraphQL, emphasizing that documentation serves to describe, explain, and instruct about systems or procedures. He critiques tools like GraphiQL for their limitations in providing in-depth explanations and suggests the use of static documentation generators to enhance clarity on topics like installation and troubleshooting. The document outlines how GraphQL introspection can aid in creating more informative documentation, while also highlighting the need for comprehensive resources beyond dynamic tools.

API Documentation For Web3Pronovix

This document provides guidance for writing documentation about Web3 technologies. It begins with an introduction to the author and their background in technical writing. The document then discusses what Web3 is and how it differs from Web2. It emphasizes that Web3 documentation should use familiar formats from Web2, include detailed examples and code snippets, and use clear language to explain challenging new concepts. Constant research is important given the rapidly evolving nature of Web3 projects. The goal of documentation is to accelerate understanding and adoption of new decentralized technologies.

Why your API doesn’t solve my problem: A use case-driven API designPronovix

unREST among the docsPronovix

The document discusses the challenges faced by technical writers, designers, and developers in creating effective documentation for developer experiences. It highlights various strategies and examples from different companies, such as Razorpay and Dyte, that showcase good practices in documentation design. The author emphasizes the importance of contextual information and user-centered approaches to improve documentation accessibility and usability.

Developing a best-in-class deprecation policy for your APIsPronovix

Nobody likes ambiguity—especially when it comes to the stability of APIs and the expectations for availability long term. Avoid common pitfalls and explore a critical area where trust is built with developers through thoughtful policy and the development of best-in-class documentation. A good deprecation policy involves a lot of forward thinking and an awareness of how developers or end users are currently leveraging your capabilities, and how a given API or feature deprecation could affect them in the future. The hard-earned trust that you’ve built and maintained with these individuals is at risk with any type of policy or documentation that is unclear. The road to developing a clear, trustworthy deprecation policy is a multi-faceted initiative with input from product, engineering, customer success and other cross-functional teams, as well as external market awareness. Knowing which voices to have in the room, what the industry standards are, and formulating appropriate communication timelines will ensure a world class policy is developed and documented before it’s needed. Join us as we dive into the nuances of this process and how to avoid the common pitfalls that come from lacking a strategic, thoughtful approach to documenting a deprecation policy for your APIs.

Annotate, Automate & Educate: Driving generated OpenAPI docs to benefit everyonePronovix

The document outlines a presentation by technical writers from Cloud MongoDB discussing the implementation of OpenAPI documentation to improve API documentation accuracy and consistency. Key topics include overcoming challenges in cross-team coordination, the automation of documentation processes, and lessons learned from their implementation journey. The document concludes with future plans for enhancements such as SDK generation and additional annotations.

What do developers do when it comes to understanding and using APIs?Pronovix

- The document discusses different approaches that developers take to learning APIs: the systematic approach, where developers want to be in control and fully understand what they are doing; the opportunistic approach, where developers quickly experiment and reuse examples; and the pragmatic approach, which combines elements of the first two. - It also discusses the concept of "flow" in software development and lists some triggers for getting into a state of flow such as clear goals, immediate feedback, and a rich environment. - The document concludes by asking questions about how to maximize the chance that developers experience flow when using documentation.

Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsPronovix

The document discusses Cisco's initiatives to promote inclusive and bias-free language in their products and culture, highlighting their commitment to social justice through various actions such as increasing representation and supporting diversity. It outlines policies to foster inclusive language by replacing harmful terms with recommended alternatives, and emphasizes the importance of compliance and governance in implementing these changes. Additionally, it provides resources for further engagement in inclusive language practices and encourages individuals to reflect on their own language use.

Creating API documentation for international communitiesPronovix

The document emphasizes the importance of creating accessible API documentation to enhance understanding and reduce support costs for diverse communities. It discusses cultural considerations and best practices for technical writing, including the use of diagrams and supplementary materials to aid comprehension. Additionally, it highlights the necessity for continuous improvement and adaptation of documentation to meet the needs of various audiences.

One Developer Portal to Document Them AllPronovix

The presentation discusses the necessity for a developer portal to manage and document the diverse types of APIs prevalent in modern enterprises. It highlights the importance of an API-first strategy and emphasizes the potential for a developer portal to support various API types through cohesive documentation. The conclusion asserts that a multitude of API types can be effectively documented in a unified and visually appealing manner.

Docs-as-Code: Evolving the API Documentation ExperiencePronovix

The document details Motorola Solutions' evolution in API documentation, emphasizing the transition to a more flexible, agile-based approach involving markdown and DevOps practices. Key changes included utilizing software development methodologies, automating documentation processes, and improving collaborative tools to eliminate issues with document formatting and management. The shift aimed to enhance the developer experience while addressing the complexities and inefficiencies of traditional documentation methods.

Developer journey - make it easy for devs to love your productPronovix

Josef Zeman, a DX analyst with over seven years in software development, discusses developer experience (DX) and the developer journey. He emphasizes the importance of optimizing resources and reducing obstacles in the development process to enhance usability and increase customer engagement. Key factors for improvement include understanding areas of developer friction and iterating on optimizations based on user feedback.

Complexity is not complicatednessPronovix

The document discusses the distinction between complexity and complication, emphasizing that complex systems arise from context-dependent enabling constraints that generate interdependencies, while complicated systems follow linear cause-effect relationships without mutual dependencies. It highlights how emergent properties in complex systems result from relational interactions among elements, enabling novel information and new dynamics. Additionally, it explores the role of interfaces as enabling constraints that facilitate organization and management of complex systems.

How cognitive biases and ranking can foster an ineffective architecture and d...Pronovix

The document examines how cognitive biases and organizational ranking can negatively impact architecture and design within complex socio-technical systems. It emphasizes the importance of collaboration, shared understanding, and inclusivity in decision-making processes, particularly in meetings. Furthermore, it highlights the need for a balanced approach to architecture that takes into account both system and organizational design to foster effective communication and innovation.

By the time they're reading the docs, it's already too latePronovix

Optimizing Dev Portals with Analytics and FeedbackPronovix

Success metrics when launching your first developer portalPronovix

Documentation, APIs & AIPronovix

Making sense of analytics for documentation pagesPronovix

Feedback cycles and their role in improving overall developer experiencesPronovix

GraphQL Isn't An Excuse To Stop Writing DocsPronovix

API Documentation For Web3Pronovix

Why your API doesn’t solve my problem: A use case-driven API designPronovix

unREST among the docsPronovix

Developing a best-in-class deprecation policy for your APIsPronovix

Annotate, Automate & Educate: Driving generated OpenAPI docs to benefit everyonePronovix

What do developers do when it comes to understanding and using APIs?Pronovix

Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsPronovix

Creating API documentation for international communitiesPronovix

One Developer Portal to Document Them AllPronovix

Docs-as-Code: Evolving the API Documentation ExperiencePronovix

Developer journey - make it easy for devs to love your productPronovix

Complexity is not complicatednessPronovix

How cognitive biases and ranking can foster an ineffective architecture and d...Pronovix

Recently uploaded (20)

Integration of Utility Data into 3D BIM Models Using a 3D Solids Modeling Wor...Safe Software

Jacobs has developed a 3D utility solids modelling workflow to improve the integration of utility data into 3D Building Information Modeling (BIM) environments. This workflow, a collaborative effort between the New Zealand Geospatial Team and the Australian Data Capture Team, employs FME to convert 2D utility data into detailed 3D representations, supporting enhanced spatial analysis and clash detection. To enable the automation of this process, Jacobs has also developed a survey data standard that standardizes the capture of existing utilities. This standard ensures consistency in data collection, forming the foundation for the subsequent automated validation and modelling steps. The workflow begins with the acquisition of utility survey data, including attributes such as location, depth, diameter, and material of utility assets like pipes and manholes. This data is validated through a custom-built tool that ensures completeness and logical consistency, including checks for proper connectivity between network components. Following validation, the data is processed using an automated modelling tool to generate 3D solids from 2D geometric representations. These solids are then integrated into BIM models to facilitate compatibility with 3D workflows and enable detailed spatial analyses. The workflow contributes to improved spatial understanding by visualizing the relationships between utilities and other infrastructure elements. The automation of validation and modeling processes ensures consistent and accurate outputs, minimizing errors and increasing workflow efficiency. This methodology highlights the application of FME in addressing challenges associated with geospatial data transformation and demonstrates its utility in enhancing data integration within BIM frameworks. By enabling accurate 3D representation of utility networks, the workflow supports improved design collaboration and decision-making in complex infrastructure projects

FIDO Seminar: New Data: Passkey Adoption in the Workforce.pptxFIDO Alliance

Reducing Conflicts and Increasing Safety Along the Cycling Networks of East-F...Safe Software

In partnership with the Belgian Province of East-Flanders this project aimed to reduce conflicts and increase safety along a cycling route between the cities of Oudenaarde and Ghent. To achieve this goal, the current cycling network data needed some extra key information, including: Speed limits for segments, Access restrictions for different users (pedestrians, cyclists, motor vehicles, etc.), Priority rules at intersections. Using a 360° camera and GPS mounted on a measuring bicycle, we collected images of traffic signs and ground markings along the cycling lanes building up mobile mapping data. Image recognition technologies identified the road signs, creating a dataset with their locations and codes. The data processing entailed three FME workspaces. These included identifying valid intersections with other networks (e.g., roads, railways), creating a topological network between segments and intersections and linking road signs to segments and intersections based on proximity and orientation. Additional features, such as speed zones, inheritance of speed and access to neighbouring segments were also implemented to further enhance the data. The final results were visualized in ArcGIS, enabling analysis for the end users. The project provided them with key insights, including statistics on accessible road segments, speed limits, and intersection priorities. These will make the cycling paths more safe and uniform, by reducing conflicts between users.

FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography.pptxFIDO Alliance

Edge-banding-machines-edgeteq-s-200-en-.pdfAmirStern2

War_And_Cyber_3_Years_Of_Struggle_And_Lessons_For_Global_Security.pdfbiswajitbanerjee38

Russia is one of the most aggressive nations when it comes to state coordinated cyberattacks — and Ukraine has been at the center of their crosshairs for 3 years. This report, provided the State Service of Special Communications and Information Protection of Ukraine contains an incredible amount of cybersecurity insights, showcasing the coordinated aggressive cyberwarfare campaigns of Russia against Ukraine. It brings to the forefront that understanding your adversary, especially an aggressive nation state, is important for cyber defense. Knowing their motivations, capabilities, and tactics becomes an advantage when allocating resources for maximum impact. Intelligence shows Russia is on a cyber rampage, leveraging FSB, SVR, and GRU resources to professionally target Ukraine’s critical infrastructures, military, and international diplomacy support efforts. The number of total incidents against Ukraine, originating from Russia, has steadily increased from 1350 in 2021 to 4315 in 2024, but the number of actual critical incidents has been managed down from a high of 1048 in 2022 to a mere 59 in 2024 — showcasing how the rapid detection and response to cyberattacks has been impacted by Ukraine’s improved cyber resilience. Even against a much larger adversary, Ukraine is showcasing outstanding cybersecurity, enabled by strong strategies and sound tactics. There are lessons to learn for any enterprise that could potentially be targeted by aggressive nation states. Definitely worth the read!

Oracle Cloud and AI Specialization ProgramVICTOR MAESTRE RAMIREZ

Kubernetes Security Act Now Before It’s Too LateMichael Furman

In today's cloud-native landscape, Kubernetes has become the de facto standard for orchestrating containerized applications, but its inherent complexity introduces unique security challenges. Are you one YAML away from disaster? This presentation, "Kubernetes Security: Act Now Before It’s Too Late," is your essential guide to understanding and mitigating the critical security risks within your Kubernetes environments. This presentation dives deep into the OWASP Kubernetes Top Ten, providing actionable insights to harden your clusters. We will cover: The fundamental architecture of Kubernetes and why its security is paramount. In-depth strategies for protecting your Kubernetes Control Plane, including kube-apiserver and etcd. Crucial best practices for securing your workloads and nodes, covering topics like privileged containers, root filesystem security, and the essential role of Pod Security Admission. Don't wait for a breach. Learn how to identify, prevent, and respond to Kubernetes security threats effectively. It's time to act now before it's too late!

MuleSoft for AgentForce : Topic Center and API Catalogshyamraj55

This presentation dives into how MuleSoft empowers AgentForce with organized API discovery and streamlined integration using Topic Center and the API Catalog. Learn how these tools help structure APIs around business needs, improve reusability, and simplify collaboration across teams. Ideal for developers, architects, and business stakeholders looking to build a connected and scalable API ecosystem within AgentForce.

Analysis of the changes in the attitude of the news comments caused by knowin...Matsushita Laboratory

FIDO Alliance Seminar State of Passkeys.pptxFIDO Alliance

Your startup on AWS - How to architect and maintain a Lean and Mean account J...angelo60207

Prevent infrastructure costs from becoming a significant line item on your startup’s budget! Serial entrepreneur and software architect Angelo Mandato will share his experience with AWS Activate (startup credits from AWS) and knowledge on how to architect a lean and mean AWS account ideal for budget minded and bootstrapped startups. In this session you will learn how to manage a production ready AWS account capable of scaling as your startup grows for less than $100/month before credits. We will discuss AWS Budgets, Cost Explorer, architect priorities, and the importance of having flexible, optimized Infrastructure as Code. We will wrap everything up discussing opportunities where to save with AWS services such as S3, EC2, Load Balancers, Lambda Functions, RDS, and many others.

FIDO Seminar: Targeting Trust: The Future of Identity in the Workforce.pptxFIDO Alliance

Can We Use Rust to Develop Extensions for PostgreSQL? (POSETTE: An Event for ...NTT DATA Technology & Innovation

Murdledescargadarkweb.pdfvolumen1 100 elementaryJorgeSemperteguiMont

Down the Rabbit Hole – Solving 5 Training RoadblocksRustici Software

Feeling stuck in the Matrix of your training technologies? You’re not alone. Managing your training catalog, wrangling LMSs and delivering content across different tools and audiences can feel like dodging digital bullets. At some point, you hit a fork in the road: Keep patching things up as issues pop up… or follow the rabbit hole to the root of the problems. Good news, we’ve already been down that rabbit hole. Peter Overton and Cameron Gray of Rustici Software are here to share what we found. In this webinar, we’ll break down 5 training roadblocks in delivery and management and show you how they’re easier to fix than you might think.

Artificial Intelligence in the Nonprofit Boardroom.pdfOnBoard

No-Code Workflows for CAD & 3D Data: Scaling AI-Driven InfrastructureSafe Software

When projects depend on fast, reliable spatial data, every minute counts. AI Clearing needed a faster way to handle complex spatial data from drone surveys, CAD designs and 3D project models across construction sites. With FME Form, they built no-code workflows to clean, convert, integrate, and validate dozens of data formats – cutting analysis time from 5 hours to just 30 minutes. Join us, our partner Globema, and customer AI Clearing to see how they: -Automate processing of 2D, 3D, drone, spatial, and non-spatial data -Analyze construction progress 10x faster and with fewer errors -Handle diverse formats like DWG, KML, SHP, and PDF with ease -Scale their workflows for international projects in solar, roads, and pipelines If you work with complex data, join us to learn how to optimize your own processes and transform your results with FME.

Mastering AI Workflows with FME - Peak of Data & AI 2025Safe Software

Harness the full potential of AI with FME: From creating high-quality training data to optimizing models and utilizing results, FME supports every step of your AI workflow. Seamlessly integrate a wide range of models, including those for data enhancement, forecasting, image and object recognition, and large language models. Customize AI models to meet your exact needs with FME’s powerful tools for training, optimization, and seamless integration

Scaling GenAI Inference From Prototype to Production: Real-World Lessons in S...Anish Kumar

Presented by: Anish Kumar LinkedIn: https://www.linkedin.com/in/anishkumar/ This lightning talk dives into real-world GenAI projects that scaled from prototype to production using Databricks’ fully managed tools. Facing cost and time constraints, we leveraged four key Databricks features—Workflows, Model Serving, Serverless Compute, and Notebooks—to build an AI inference pipeline processing millions of documents (text and audiobooks). This approach enables rapid experimentation, easy tuning of GenAI prompts and compute settings, seamless data iteration and efficient quality testing—allowing Data Scientists and Engineers to collaborate effectively. Learn how to design modular, parameterized notebooks that run concurrently, manage dependencies and accelerate AI-driven insights. Whether you're optimizing AI inference, automating complex data workflows or architecting next-gen serverless AI systems, this session delivers actionable strategies to maximize performance while keeping costs low.