Java IoT Authors: Pat Romanski, Elizabeth White, Zakia Bouachraoui, William Schmarzo, Yeshim Deniz

Related Topics: @CloudExpo, Java IoT, @DevOpsSummit

@CloudExpo: Blog Feed Post

Six Reasons Your API Is the Windows Vista of APIs By @JustinRohrman | @CloudExpo #API #Cloud

If you've developed an API, it exposes some functionality to users

Six Reasons Your API Is the Windows Vista of APIs
by Justin Rohrman

Does your API suck? Okay, that one needs a little explanation.

If you've developed an API, it exposes some functionality to users. It might suck to learn. The documentation might be unclear and the function signatures counter-intuitive. It might suck to use, doing a lot of things, but never particularly what you really need, right now.

After a great deal of working with companies developing new API functionality, and also building out demo material from publicly available APIs (starting with the thought "this should be easy ...") I have developed some opinions on the subject. Just like a restaurant that doesn't pay attention to detail, an awkward API can have a dozen small things that add up to a big problem. Misplaced silverware, a long wait time, a slow waiter, details wrong on the order ... no one of these will make you want to stand up and leave, but put together, they'll make sure you never come back.

No one thing will make your API suck, yet, just like the restaurant, there is an additive effect. Let's look at a few reasons your API might turn people off and figure out how to get them back.

1. Documentation
As a consumer of APIs, this is the first place I go to see what's going on. Hopefully the documentation has all the details I need on authentication and creating tokens, required headers and query strings, sample paths and results. Ideally, the API has a complete demo in every reasonably calling language - not just how to call the code through the web, but how to call the code in python, and how to get the support libraries you used. When I read API documentation, inevitably, at least one of these things is missing, and another is out of date and I get sent on a scavenger hunt for a new path or a header that could have been described more clearly. Problems like this don't ruin my day, but they sure don't make it better.

We live in the future; there are plenty of tools available to create the function signature and automatically update documentation each time a build runs. Documentation frameworks like Swagger are leading the way making documentation increasingly simple.

2. User Experience
Pinpointing users and what they value for run of the mill software is difficult. Everyone has their own goals, needs, and desires. This is equally challenging. For API testing, we have to consider both the end user (the person searching for books from Amazon) but also other developers, the people who build their own book sub-sites powered by Amazon. Also, the internal the ops team may needs to get information on how the API works. User experience at the second and third level is a little different.

I was building a few examples for API testing based a popular virtual Kanban tool by reviewing the documentation for their endpoints. One endpoint would to return a list of cards for a user, one returned all cards on a board, and one more that would return the contents of the cards for a user. The paths for these were subtly different and I ended up fumbling over them for an hour figuring out what was what. Sure, I could have reread the docs five more times to figure out why I wasn't getting the results I wanted. But, having paths more clearly defined would help too.

3. Lack of Hypermedia
Imagine developing an iOS app built on top of someone else's API. Eventually the developers of that API are going to want to make changes, sometimes this results in changing the paths to endpoints.

The result here is that everyone depending on that API has to update their code to adapt to the changes. Hopefully, they find out about the new version before complaints from users start flying into inboxes.

One way to reduce this strain is through usage of hypermedia.

My colleague, Ben Ramsey, says this:

"When an API uses hypermedia, the URLs are no longer important. Clients talking to the API do not need to code to URLs because the API will always convey where to go next through hypermedia relationships. If a URL changes, then there's no problem. The change gets communicated through the API. This leads to a more flexible and evolvable API that can change over time without needing to update all the clients."

Hypermedia simplifies API usage for your users. Instead of POSTing to example.com/api/v1/users/new, you POST to example.com/api/v1 and include a special reference inside of the data you send.

4. Authentication
Your data is the most important part of any non-trivial piece of software. That of course means that the data is held (hopefully) safety behind a wall that requires a username and password to get access. Sometimes, this is no big deal. I POST a message to the authentication endpoint with my username and password and in return get a token that I can use to authenticate and do the things I want to do.

Other times, I have to write an oAuth wrapper to handle authentication, which can be a big mess.

On behalf of API customers everywhere - please do not make me create a big mess.

If you have to create a complex authentication system, that's okay, just document how to get authorized, with sample code, in the software documentation. Ideally write a package that gets the token for the user in a few languages and a little psuedo-code on how to write them in their own. Stopping with a link to someone else's "easy" example that only works in C# or Java or obscures a step or two and requires more google searches, will guarantee confusion, frustration, and a lower adoption rate.

5. Headers, And Bodies, and Bears
APIs exist as a way to talk to software, we use them to send and receive data. Sometimes that data travels over the wire as a blob of JSON or XML, and sometimes the data gets passed through the URL in the form of a query string. Sometimes it is a combination of both of these things. One popular way to handle this is to send the data that authenticates a user as part of the URL query string, and the data you want to create or update as part of a JSON or XML blob.

Imagine working with an API that uses a combination of query strings throughout the software. A normal POST might look like:

POST example.com/api/v1/users/new?token=123456&newUser=userName

Required along with that was a JSON body with all of the other details on the new user. I bet the first few POSTs to this will fail while you learn that part of the new user is sent in the query string.

The most important thing here is to be consistent. Having to figure out that an endpoint won't work because, unlike everywhere else everything goes in the URL, takes time and builds frustration.

6. To Err Is Human
Everyone makes mistakes, and I've made plenty when trying to write JSON to POST to an endpoint. Documentation can help me figure out the format and specific nodes I need in a JSON body, but it probably won't help me find the typo that is causing your API to reject my POST. HTTP responses are pretty typical, and help to some degree. These will at minimum let me know the category of the mistake I've made.

Even better than that would be an error like this that points to the problem.

[errors:{"uname is a required field"}]


Your API probably doesn't suck, most people don't really have all of these problems all at the same time. Talking to your testers is a good way to start finding improvements. What problems are they having, and what is slowing them down everyday? They might point to a few of the ideas I have been talking about here, or maybe they will shed light on a new category of API problems.

How have you improved your API lately, let us know in the comments!

Read the original blog entry...

More Stories By SmartBear Blog

As the leader in software quality tools for the connected world, SmartBear supports more than two million software professionals and over 25,000 organizations in 90 countries that use its products to build and deliver the world’s greatest applications. With today’s applications deploying on mobile, Web, desktop, Internet of Things (IoT) or even embedded computing platforms, the connected nature of these applications through public and private APIs presents a unique set of challenges for developers, testers and operations teams. SmartBear's software quality tools assist with code review, functional and load testing, API readiness as well as performance monitoring of these modern applications.

IoT & Smart Cities Stories
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and wor...
Apptio fuels digital business transformation. Technology leaders use Apptio's machine learning to analyze and plan their technology spend so they can invest in products that increase the speed of business and deliver innovation. With Apptio, they translate raw costs, utilization, and billing data into business-centric views that help their organization optimize spending, plan strategically, and drive digital strategy that funds growth of the business. Technology leaders can gather instant recomm...
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, ...
After years of investments and acquisitions, CloudBlue was created with the goal of building the world's only hyperscale digital platform with an increasingly infinite ecosystem and proven go-to-market services. The result? An unmatched platform that helps customers streamline cloud operations, save time and money, and revolutionize their businesses overnight. Today, the platform operates in more than 45 countries and powers more than 200 of the world's largest cloud marketplaces, managing mo...
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud workloads, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and investigation, enabling better, faster protection. With more than 6,00...
Tapping into blockchain revolution early enough translates into a substantial business competitiveness advantage. Codete comprehensively develops custom, blockchain-based business solutions, founded on the most advanced cryptographic innovations, and striking a balance point between complexity of the technologies used in quickly-changing stack building, business impact, and cost-effectiveness. Codete researches and provides business consultancy in the field of single most thrilling innovative te...
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and Bi...