Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
The Importance of Quality in your API
Architecture
Christof Sunthorn
Solutions Engineer
2
2009
15M+
users
12
24,000+
3 650+
customers
employees
founded global offices
open source initiatives
Proprietary & Confidential
3
Agenda
| APIs in our digitally connected world
| Challenges in API development
| Importance o...
Proprietary & Confidential
4
4
APIs are the foundation of our digitally connected world
Any Application
Any Device
Anywher...
Proprietary & Confidential
5
“The more APIs we create, the
more they become inconsistent
and difficult to understand and
s...
6
State of API 2020 - Standardization Tops API Challenges
| The more APIs created the more
challenges that emerge to
maint...
Importance of Quality
in your API architecture
8
Quality impacts API Consumer Loyalty
| API Consumers are less loyal now
than in previous years.
| When consumers run int...
Proprietary & Confidential
9
9
APIs are the foundation of our digitally connected world
Any Application
Any Device
Anywher...
Proprietary & Confidential
10
Company Assets & Services
Mobile Apps
Web Apps
Partner Apps
Cloud-Based
Services
Data
Today’...
Proprietary & Confidential
Real-World Examples
11
Organization Description No. of users affected
Panera Bread 2018, Panera...
Strategies to improve quality
Value of the API Definition
| API description formats like OpenAPI (formerly Swagger)
enable you to design an API
o create...
14
API Design Matters
| Consistency in API design is not a given
o Code-first, design-first
o Style guide, no style guide
...
API adoption is tied to consistent design
| If an API is to be used, consumers need a
guide to help them understand
o What...
16
API Standardization and Governance
| Gather input from all stakeholders to ensure API design
aligns to business purpose...
What Is API Security?
Proprietary & Confidential
17
“by 2022, API abuses will be the most-frequent attack vector
resulting...
 Only legitimate users can access the
system
 The system doesn’t allow users to
do more than they should
 Confidential ...
Proprietary & Confidential
19
Proprietary & Confidential
Summary
| APIs are the foundation of our digitally connected worl...
Proprietary & Confidential
20
Thank You
Any Questions?
How SmartBear Can Help
Proprietary & Confidential
21
Early
Testing
OpenAPI
Specification
Nächste SlideShare
Wird geladen in …5
×

apidays LIVE Singapore - The Importance of Quality in your API Architecture by Christof Sunthorn, SmartBear

apidays LIVE Singapore 2021 - Digitisation, Connected Services and Embedded Finance
April 21 & 22, 2021

The Importance of Quality in your API Architecture
Christof Sunthorn, Solutions Engineer at SmartBear

Ähnliche Bücher

Kostenlos mit einer 30-tägigen Testversion von Scribd

Alle anzeigen

Ähnliche Hörbücher

Kostenlos mit einer 30-tägigen Testversion von Scribd

Alle anzeigen
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

apidays LIVE Singapore - The Importance of Quality in your API Architecture by Christof Sunthorn, SmartBear

  1. 1. The Importance of Quality in your API Architecture Christof Sunthorn Solutions Engineer
  2. 2. 2 2009 15M+ users 12 24,000+ 3 650+ customers employees founded global offices open source initiatives
  3. 3. Proprietary & Confidential 3 Agenda | APIs in our digitally connected world | Challenges in API development | Importance of quality in your API architecture | Strategies to improve quality | Standardisation and Governance | Collaboration | Security
  4. 4. Proprietary & Confidential 4 4 APIs are the foundation of our digitally connected world Any Application Any Device Anywhere Anytime Instant messaging AR/VR telepresence Document / database sharing Webcasting Telephone Email Enterprise social network Enterprise applications Smart watch Head- mounted displays Laptop/desktop Tablet Smartphone Home Work On the go Qualityisessentialtoensureapplicationswork APIs are essential to ensure connections
  5. 5. Proprietary & Confidential 5 “The more APIs we create, the more they become inconsistent and difficult to understand and support.” “Creating API documentation from scratch is time- consuming and error-prone.” “As an API designer, it’s difficult to get feedback on changes during the API development lifecycle.”​ “Our development teams lack a single source of truth on the API definition to be implemented.” API development has challenges… “APIs may fail to meet their business goals, even though there was agreement on a design.” “Quality issues are hurting API adoption.”
  6. 6. 6 State of API 2020 - Standardization Tops API Challenges | The more APIs created the more challenges that emerge to maintain consistency. | State of API 2020 Survey - Standardization continued to rank as the top challenge for all organizations as they attempt to scale API development. | Doubling in importance since 2016! The State of API 2020 Report, © 2020 SmartBear Software. All rights reserved. 59% 45% 39% 37% 37% 38% 36% 26% 1% 25% 10% 40% 38% 23% 18% 22% 12% 1% 0% 20% 40% 60% Standardization Versioning Security Easier Integration Between Tools Composability/Multi-Purpose Re-use Authentication Scalability Discoverability Other (please specify): Which API technology challenges do you most hope to see solved in the near future? (Select all that apply) 2020 All Responses 2016 All Responses
  7. 7. Importance of Quality in your API architecture
  8. 8. 8 Quality impacts API Consumer Loyalty | API Consumers are less loyal now than in previous years. | When consumers run into quality or performance issues with 3rd party APIs, they first report the problem and then look at their options. | Willingness to leave went from 30% in 2016, to 37% in 2020. 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Wait for the problem to resolve itself Report the problem publicly (i.e. online forum/community, social media) Report the problem to other external people that could be affected (Peers, customers, partners etc) Review service level agreements Switch to an alternate API provider temporarily Consider switching API providers permanently Report the problem internally to others within your organization Report the problem to the API provider As an API Consumer, how do you react upon encountering quality or performance issues with 3rd party APIs? (Please select all that apply) 2020 2018 2016 The State of API 2020 Report, © 2020 SmartBear Software. All rights reserved.
  9. 9. Proprietary & Confidential 9 9 APIs are the foundation of our digitally connected world Any Application Any Device Anywhere Anytime Instant messaging AR/VR telepresence Document / database sharing Webcasting Telephone Email Enterprise social network Enterprise applications Smart watch Head- mounted displays Laptop/desktop Tablet Smartphone Home Work On the go Qualityisessentialtoensureapplicationswork APIs are essential to ensure connections
  10. 10. Proprietary & Confidential 10 Company Assets & Services Mobile Apps Web Apps Partner Apps Cloud-Based Services Data Today’s APIs Connect Sensitive Data
  11. 11. Proprietary & Confidential Real-World Examples 11 Organization Description No. of users affected Panera Bread 2018, Panera revealed that 37 million customers had had their data exposed. Some reports attributed the breach to an unauthenticated API endpoint 37 million customers T-mobile 2018, attackers exploited a “leaky” API and exposed 2.3 million customers’ personal data. 2.3 million customers Capital One 2019, Capital One announced a breach that had given an attacker access to personal information of those who had applied for various credit products. Through a server-side request forgery, an attacker compromised an application and gained access to Capital One’s AWS-based infrastructure configuration API. 106 million customers Aarogya Setu (India’s COVID-19 contract tracing app) India’s COVID-19 contact tracing application had authorization weaknesses and validated parameters at client side rather than server side. In May 2020, a researcher reported that they could make direct API calls and manipulate parameters to get the COVID status of any neighborhood or location in India. All residents of India (~ 1.3B)
  12. 12. Strategies to improve quality
  13. 13. Value of the API Definition | API description formats like OpenAPI (formerly Swagger) enable you to design an API o create a definition that end users can utilize to understand how to best work with your API | API definitions are language-agnostic | Readable by both humans and machines | Enables parallel work streams – virtualization, testing, integration compatibility - all before coding
  14. 14. 14 API Design Matters | Consistency in API design is not a given o Code-first, design-first o Style guide, no style guide | Development teams today are distributed across departments, geographies, time zones | Collaboration is the rule, both internally and externally with partners | Without a focus on API design standards, it is difficult to create a consistent API consumer experience
  15. 15. API adoption is tied to consistent design | If an API is to be used, consumers need a guide to help them understand o What data is the API providing o What is its functionality o API protocols, formats, versions Gartner: December 16, 2020, How to Successfully Implement API Management “API design guidelines provide API developers with the information they need to create APIs in a consistent fashion. This increases the usability and, therefore, the adoption of APIs.” SwaggerHub Embedded Style Guide Flagging Standardization Error
  16. 16. 16 API Standardization and Governance | Gather input from all stakeholders to ensure API design aligns to business purpose | Design-first is preferred over code-first | Leverage a single source of truth for API definitions | Utilize an API style guide as initial step toward governance | Leverage custom rules to validate OpenAPI definitions for compliance with API design guidelines | Understand your API workflow Asset Library API_1 API_3 API_2 Design Guidelines ! ✔ ✔
  17. 17. What Is API Security? Proprietary & Confidential 17 “by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” Gartner Research Simply put, API security is protecting the APIs you build and consume from nefarious use. Because businesses transfer data and connect services via APIs – they are especially prone to attacks:
  18. 18.  Only legitimate users can access the system  The system doesn’t allow users to do more than they should  Confidential data can only be seen by intended users  Transaction information is protected Achieving API Security Goals Proprietary & Confidential 18  Identify and catalog APIs and endpoints  Assure and manage API user identities  Meet regulatory and compliance requirements  API design governance sets security context for each API type  API security testing – before, during, and after deployment – is the safety net
  19. 19. Proprietary & Confidential 19 Proprietary & Confidential Summary | APIs are the foundation of our digitally connected world | Quality is important to your API architecture | Adoption | Business operations down time and revenue lost | Security breaches | Improve quality through: | Standardisation and governance | Collaboration | Security
  20. 20. Proprietary & Confidential 20 Thank You Any Questions?
  21. 21. How SmartBear Can Help Proprietary & Confidential 21 Early Testing OpenAPI Specification

×