Welcome!

Java IoT Authors: Yeshim Deniz, Carmen Gonzalez, Zakia Bouachraoui, Pat Romanski, Liz McMillan

Related Topics: @CloudExpo, Java IoT, @DevOpsSummit

@CloudExpo: Blog Feed Post

Six Reasons Your API Is the Windows Vista of APIs By @JustinRohrman | @CloudExpo #API #Cloud

If you've developed an API, it exposes some functionality to users

Six Reasons Your API Is the Windows Vista of APIs
by Justin Rohrman

Does your API suck? Okay, that one needs a little explanation.

If you've developed an API, it exposes some functionality to users. It might suck to learn. The documentation might be unclear and the function signatures counter-intuitive. It might suck to use, doing a lot of things, but never particularly what you really need, right now.

After a great deal of working with companies developing new API functionality, and also building out demo material from publicly available APIs (starting with the thought "this should be easy ...") I have developed some opinions on the subject. Just like a restaurant that doesn't pay attention to detail, an awkward API can have a dozen small things that add up to a big problem. Misplaced silverware, a long wait time, a slow waiter, details wrong on the order ... no one of these will make you want to stand up and leave, but put together, they'll make sure you never come back.

No one thing will make your API suck, yet, just like the restaurant, there is an additive effect. Let's look at a few reasons your API might turn people off and figure out how to get them back.

1. Documentation
As a consumer of APIs, this is the first place I go to see what's going on. Hopefully the documentation has all the details I need on authentication and creating tokens, required headers and query strings, sample paths and results. Ideally, the API has a complete demo in every reasonably calling language - not just how to call the code through the web, but how to call the code in python, and how to get the support libraries you used. When I read API documentation, inevitably, at least one of these things is missing, and another is out of date and I get sent on a scavenger hunt for a new path or a header that could have been described more clearly. Problems like this don't ruin my day, but they sure don't make it better.

We live in the future; there are plenty of tools available to create the function signature and automatically update documentation each time a build runs. Documentation frameworks like Swagger are leading the way making documentation increasingly simple.

2. User Experience
Pinpointing users and what they value for run of the mill software is difficult. Everyone has their own goals, needs, and desires. This is equally challenging. For API testing, we have to consider both the end user (the person searching for books from Amazon) but also other developers, the people who build their own book sub-sites powered by Amazon. Also, the internal the ops team may needs to get information on how the API works. User experience at the second and third level is a little different.

I was building a few examples for API testing based a popular virtual Kanban tool by reviewing the documentation for their endpoints. One endpoint would to return a list of cards for a user, one returned all cards on a board, and one more that would return the contents of the cards for a user. The paths for these were subtly different and I ended up fumbling over them for an hour figuring out what was what. Sure, I could have reread the docs five more times to figure out why I wasn't getting the results I wanted. But, having paths more clearly defined would help too.

3. Lack of Hypermedia
Imagine developing an iOS app built on top of someone else's API. Eventually the developers of that API are going to want to make changes, sometimes this results in changing the paths to endpoints.

The result here is that everyone depending on that API has to update their code to adapt to the changes. Hopefully, they find out about the new version before complaints from users start flying into inboxes.

One way to reduce this strain is through usage of hypermedia.

My colleague, Ben Ramsey, says this:

"When an API uses hypermedia, the URLs are no longer important. Clients talking to the API do not need to code to URLs because the API will always convey where to go next through hypermedia relationships. If a URL changes, then there's no problem. The change gets communicated through the API. This leads to a more flexible and evolvable API that can change over time without needing to update all the clients."

Hypermedia simplifies API usage for your users. Instead of POSTing to example.com/api/v1/users/new, you POST to example.com/api/v1 and include a special reference inside of the data you send.

4. Authentication
Your data is the most important part of any non-trivial piece of software. That of course means that the data is held (hopefully) safety behind a wall that requires a username and password to get access. Sometimes, this is no big deal. I POST a message to the authentication endpoint with my username and password and in return get a token that I can use to authenticate and do the things I want to do.

Other times, I have to write an oAuth wrapper to handle authentication, which can be a big mess.

On behalf of API customers everywhere - please do not make me create a big mess.

If you have to create a complex authentication system, that's okay, just document how to get authorized, with sample code, in the software documentation. Ideally write a package that gets the token for the user in a few languages and a little psuedo-code on how to write them in their own. Stopping with a link to someone else's "easy" example that only works in C# or Java or obscures a step or two and requires more google searches, will guarantee confusion, frustration, and a lower adoption rate.

5. Headers, And Bodies, and Bears
APIs exist as a way to talk to software, we use them to send and receive data. Sometimes that data travels over the wire as a blob of JSON or XML, and sometimes the data gets passed through the URL in the form of a query string. Sometimes it is a combination of both of these things. One popular way to handle this is to send the data that authenticates a user as part of the URL query string, and the data you want to create or update as part of a JSON or XML blob.

Imagine working with an API that uses a combination of query strings throughout the software. A normal POST might look like:

POST example.com/api/v1/users/new?token=123456&newUser=userName

Required along with that was a JSON body with all of the other details on the new user. I bet the first few POSTs to this will fail while you learn that part of the new user is sent in the query string.

The most important thing here is to be consistent. Having to figure out that an endpoint won't work because, unlike everywhere else everything goes in the URL, takes time and builds frustration.

6. To Err Is Human
Everyone makes mistakes, and I've made plenty when trying to write JSON to POST to an endpoint. Documentation can help me figure out the format and specific nodes I need in a JSON body, but it probably won't help me find the typo that is causing your API to reject my POST. HTTP responses are pretty typical, and help to some degree. These will at minimum let me know the category of the mistake I've made.

Even better than that would be an error like this that points to the problem.
{

[errors:{"uname is a required field"}]

}

Your API probably doesn't suck, most people don't really have all of these problems all at the same time. Talking to your testers is a good way to start finding improvements. What problems are they having, and what is slowing them down everyday? They might point to a few of the ideas I have been talking about here, or maybe they will shed light on a new category of API problems.

How have you improved your API lately, let us know in the comments!

Read the original blog entry...

More Stories By SmartBear Blog

As the leader in software quality tools for the connected world, SmartBear supports more than two million software professionals and over 25,000 organizations in 90 countries that use its products to build and deliver the world’s greatest applications. With today’s applications deploying on mobile, Web, desktop, Internet of Things (IoT) or even embedded computing platforms, the connected nature of these applications through public and private APIs presents a unique set of challenges for developers, testers and operations teams. SmartBear's software quality tools assist with code review, functional and load testing, API readiness as well as performance monitoring of these modern applications.

IoT & Smart Cities Stories
The term "digital transformation" (DX) is being used by everyone for just about any company initiative that involves technology, the web, ecommerce, software, or even customer experience. While the term has certainly turned into a buzzword with a lot of hype, the transition to a more connected, digital world is real and comes with real challenges. In his opening keynote, Four Essentials To Become DX Hero Status Now, Jonathan Hoppe, Co-Founder and CTO of Total Uptime Technologies, shared that ...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...