Building APIs in a Cloud Native Era
0 likes211 views
The document discusses the importance of APIs in a cloud-native environment, emphasizing that over 75% of organizations will adopt multi-cloud or hybrid strategies by 2021. It highlights the issues developers face when connecting to APIs and presents integration APIs as a solution to enhance governance, error handling, and flexibility. Additionally, it outlines key considerations for running APIs in production, including security, versioning, and support for various communication protocols.
Building APIs in a Cloud Native Era
- 1. Building APIs in a Cloud Native Era December 10, 2020
- 2. Hello! Nuwan Dias VP and deputy CTO for API Management and Integration - WSO2 @nuwandias Co-Author of Microservices Security in Action
- 3. "By 2021, over 75% of midsize and large organizations will have adopted a multi-cloud and/or hybrid IT strategy." - Gartner 3
- 4. ● APIs connect systems together. ● APIs are built by connecting systems together APIs…. 4
- 5. A simple Order Processing API 5 Order Processing API Purchase order request Save order in database Purchase order response
- 6. An actual Order Processing API 6 Order Processing API
- 7. Python code that calls the Twilio Send SMS API Initializing the Twilio client with credentials Sending Message
- 8. cURL request to send an SMS from Twilio curl -X POST https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Mess ages.json --data-urlencode "Body=Hi there$EXCLAMATION_MARK" --data-urlencode "From=+15017122661" --data-urlencode "To=+15558675310" -u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN Basic Auth Header Message Payload
- 9. That was the happy path!! 9 Wait! What? There’s an unhappy path too? It’s Twilio, what could possibly go wrong?
- 10. ● How to deal with credentials securely ⦿ How to obtain credentials? ⦿ How to store credentials securely? ⦿ How to propagate credentials through CI/CD pipelines of the app? ● How to handle application errors. ⦿ When the phone number is invalid or disconnected ⦿ When the credentials are invalid or expired. ● How to handle connectivity issues. ⦿ Network connectivity issues. ⦿ APIs being retired. ⦿ Expired certificates. What problems did you not see above? 10
- 11. ● Lots of boilerplate code. ● The need for developers to learn things outside the scope of their business. ⦿ Learning how to use the APIs/SDKs (if available). ⦿ Learning how to obtain and manage credentials securely. ⦿ . . . . ● Risk of mistakes and the need of a good governance model to avert them. ● Developers having to keep up with the new versions of the endpoints ⦿ For security and other important updates. ● A repetition of all drawbacks above as more developers start connecting to the same endpoints. Drawbacks of writing code to connect well known endpoints 11
- 12. Introducing Integration APIs to solve the problem 12 Orders Microservice Products Microservice Cloud Services Integration APIs Utility APIs
- 13. ● Can be implemented using low-code/no-code tooling. ● Flexible enough to be extended using code (doesn’t stop at low/no code). ● Has all characteristics of a proper cloud-native microservice ⦿ Atomic execution. ⦿ Lightweight in distribution and resource utilization. ⦿ Supports GitOps based CI/CD flows. ⦿ Observable. ⦿ . . . . . ● Has a rich family of connectors to well known cloud APIs. ● Provides rich value for connecting to any endpoint (even non-SaaS) ● Has rich constructs for well known integration needs (data mapping, error handling, etc) Important characteristics of Integration APIs 13
- 14. Q: Isn’t this what a Service Mesh is for? 14 A: No
- 15. ● The primary goal of a service mesh is to solve problems in a MSA when service communicate with each other. ⦿ Service discoverability ⦿ Transport level security ⦿ Circuit breaking ⦿ Message tracing and observability What is a service mesh and what problems does it solve? 15 Orders Microservice Shipping Microservice
- 16. We now have a functional API. What does it take to run this in production? 16
- 17. ● Granting secure access to the API. ⦿ Standard protocols such as OAuth2.0/OIDC. ⦿ Security federation across cloud IDPs. ⦿ Security context propagation to upstream microservices. ● Updating the API with no downtime and client impact. ⦿ API versions and revisions. ⦿ Seamless migration of clients to newer versions of the API. ● Supporting different styles of APIs and protocols ⦿ Regular, request/response type APIs ⦿ Event driven APIs ⦿ HTTP, gRPC, GraphQL, WebSockets, SSEs, WebHooks. ● Setting up automated tests for the API. ● Hybrid deployment patterns. Running an API in Production in a Cloud Native Era 17
- 18. API Management 18 Orders Microservice Products Microservice Integration APIs Utility APIsEdge APIs - API Gateways Control Plane
- 19. API Management - Expanded 19 Orders Microservice Products Microservice Integration APIs Utility APIsEdge APIs - API Gateways API Governance Policy Management Business Insights Developer Portals Low code tooling Connector Governance Artificial Intelligence CI/CD and deployment mgt Observability CI/CD and deployment mgt Observability
- 20. wso2.com Thanks!