Welcome!

Java IoT Authors: Jason Bloomberg, Zakia Bouachraoui, Pat Romanski, Elizabeth White, Liz McMillan

Related Topics: @CloudExpo, Java IoT, @DevOpsSummit

@CloudExpo: Blog Feed Post

Six Reasons Your API Is the Windows Vista of APIs By @JustinRohrman | @CloudExpo #API #Cloud

If you've developed an API, it exposes some functionality to users

Six Reasons Your API Is the Windows Vista of APIs
by Justin Rohrman

Does your API suck? Okay, that one needs a little explanation.

If you've developed an API, it exposes some functionality to users. It might suck to learn. The documentation might be unclear and the function signatures counter-intuitive. It might suck to use, doing a lot of things, but never particularly what you really need, right now.

After a great deal of working with companies developing new API functionality, and also building out demo material from publicly available APIs (starting with the thought "this should be easy ...") I have developed some opinions on the subject. Just like a restaurant that doesn't pay attention to detail, an awkward API can have a dozen small things that add up to a big problem. Misplaced silverware, a long wait time, a slow waiter, details wrong on the order ... no one of these will make you want to stand up and leave, but put together, they'll make sure you never come back.

No one thing will make your API suck, yet, just like the restaurant, there is an additive effect. Let's look at a few reasons your API might turn people off and figure out how to get them back.

1. Documentation
As a consumer of APIs, this is the first place I go to see what's going on. Hopefully the documentation has all the details I need on authentication and creating tokens, required headers and query strings, sample paths and results. Ideally, the API has a complete demo in every reasonably calling language - not just how to call the code through the web, but how to call the code in python, and how to get the support libraries you used. When I read API documentation, inevitably, at least one of these things is missing, and another is out of date and I get sent on a scavenger hunt for a new path or a header that could have been described more clearly. Problems like this don't ruin my day, but they sure don't make it better.

We live in the future; there are plenty of tools available to create the function signature and automatically update documentation each time a build runs. Documentation frameworks like Swagger are leading the way making documentation increasingly simple.

2. User Experience
Pinpointing users and what they value for run of the mill software is difficult. Everyone has their own goals, needs, and desires. This is equally challenging. For API testing, we have to consider both the end user (the person searching for books from Amazon) but also other developers, the people who build their own book sub-sites powered by Amazon. Also, the internal the ops team may needs to get information on how the API works. User experience at the second and third level is a little different.

I was building a few examples for API testing based a popular virtual Kanban tool by reviewing the documentation for their endpoints. One endpoint would to return a list of cards for a user, one returned all cards on a board, and one more that would return the contents of the cards for a user. The paths for these were subtly different and I ended up fumbling over them for an hour figuring out what was what. Sure, I could have reread the docs five more times to figure out why I wasn't getting the results I wanted. But, having paths more clearly defined would help too.

3. Lack of Hypermedia
Imagine developing an iOS app built on top of someone else's API. Eventually the developers of that API are going to want to make changes, sometimes this results in changing the paths to endpoints.

The result here is that everyone depending on that API has to update their code to adapt to the changes. Hopefully, they find out about the new version before complaints from users start flying into inboxes.

One way to reduce this strain is through usage of hypermedia.

My colleague, Ben Ramsey, says this:

"When an API uses hypermedia, the URLs are no longer important. Clients talking to the API do not need to code to URLs because the API will always convey where to go next through hypermedia relationships. If a URL changes, then there's no problem. The change gets communicated through the API. This leads to a more flexible and evolvable API that can change over time without needing to update all the clients."

Hypermedia simplifies API usage for your users. Instead of POSTing to example.com/api/v1/users/new, you POST to example.com/api/v1 and include a special reference inside of the data you send.

4. Authentication
Your data is the most important part of any non-trivial piece of software. That of course means that the data is held (hopefully) safety behind a wall that requires a username and password to get access. Sometimes, this is no big deal. I POST a message to the authentication endpoint with my username and password and in return get a token that I can use to authenticate and do the things I want to do.

Other times, I have to write an oAuth wrapper to handle authentication, which can be a big mess.

On behalf of API customers everywhere - please do not make me create a big mess.

If you have to create a complex authentication system, that's okay, just document how to get authorized, with sample code, in the software documentation. Ideally write a package that gets the token for the user in a few languages and a little psuedo-code on how to write them in their own. Stopping with a link to someone else's "easy" example that only works in C# or Java or obscures a step or two and requires more google searches, will guarantee confusion, frustration, and a lower adoption rate.

5. Headers, And Bodies, and Bears
APIs exist as a way to talk to software, we use them to send and receive data. Sometimes that data travels over the wire as a blob of JSON or XML, and sometimes the data gets passed through the URL in the form of a query string. Sometimes it is a combination of both of these things. One popular way to handle this is to send the data that authenticates a user as part of the URL query string, and the data you want to create or update as part of a JSON or XML blob.

Imagine working with an API that uses a combination of query strings throughout the software. A normal POST might look like:

POST example.com/api/v1/users/new?token=123456&newUser=userName

Required along with that was a JSON body with all of the other details on the new user. I bet the first few POSTs to this will fail while you learn that part of the new user is sent in the query string.

The most important thing here is to be consistent. Having to figure out that an endpoint won't work because, unlike everywhere else everything goes in the URL, takes time and builds frustration.

6. To Err Is Human
Everyone makes mistakes, and I've made plenty when trying to write JSON to POST to an endpoint. Documentation can help me figure out the format and specific nodes I need in a JSON body, but it probably won't help me find the typo that is causing your API to reject my POST. HTTP responses are pretty typical, and help to some degree. These will at minimum let me know the category of the mistake I've made.

Even better than that would be an error like this that points to the problem.
{

[errors:{"uname is a required field"}]

}

Your API probably doesn't suck, most people don't really have all of these problems all at the same time. Talking to your testers is a good way to start finding improvements. What problems are they having, and what is slowing them down everyday? They might point to a few of the ideas I have been talking about here, or maybe they will shed light on a new category of API problems.

How have you improved your API lately, let us know in the comments!

Read the original blog entry...

More Stories By SmartBear Blog

As the leader in software quality tools for the connected world, SmartBear supports more than two million software professionals and over 25,000 organizations in 90 countries that use its products to build and deliver the world’s greatest applications. With today’s applications deploying on mobile, Web, desktop, Internet of Things (IoT) or even embedded computing platforms, the connected nature of these applications through public and private APIs presents a unique set of challenges for developers, testers and operations teams. SmartBear's software quality tools assist with code review, functional and load testing, API readiness as well as performance monitoring of these modern applications.

IoT & Smart Cities Stories
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...