SlideShare a Scribd company logo

API Design: When to buck the trend and avoid pragmatic REST, one size fits all, JSON, OAuth, and versioning in the URI

Download as PPTX, PDF
Apigee | Google Cloud
Apigee | Google Cloud

This document discusses trends in API design and when it may be appropriate to deviate from trends. It summarizes Netflix's case study in moving away from a RESTful, one-size-fits-all API and instead implementing device-specific APIs. The document also discusses trends around REST, JSON, OAuth, and API versioning and alternatives that may provide more flexibility depending on a system's needs and clients.

Technology
1 of 49
API Design: When to buck the trend Netflix API case study with Daniel Jacobson groups.google.com/group/api-craft Daniel Jacobson Greg Brail Netflix Apigee @daniel_jacobson @gbrail
groups.google.com/group/api-craft
youtube.com/apigee
slideshare.net/apigee
http://tinyurl.com/api-strategy-book
@daniel_jacobson @gbrail Daniel Jacobson Greg Brail
What’s the trend? Pragmatic REST style One size fits all JSON OAuth API versioning in the URI
Trend: PRAGMATIC REST
Pragmatic REST – most common style today URIs are carefully designed Each URI represents a “resource” Resource actions are defined by HTTP verbs GET (read), POST (create), PUT (update), DELETE
Pragmatic REST alternatives Pure REST Ad-hoc XML / JSON over HTTP SOAP
Alternative: pure REST Quick definition: A REST API as defined by Roy Fielding http://en.wikipedia.org/wiki/REST and followers http://martinfowler.com/articles/richardsonMaturityModel.html
Alternative: pure REST Flexible, powerful, and evolvable over decades… Slow, hard to program, and rare
So who cares about REST? Most APIs that call themselves “REST” are not actually REST by the pure definition So pure REST APIs buck the trend. Why? The server implementation can change URIs The URI structure is not documented – clients follow links So, the server implementation can change the whole structure of the API In theory, the API can evolve forever without ever being “incompatible”
Trend: ONE SIZE FITS ALL
One size fits all Does it make sense to have the same API for all developers?
One size fits all – why yes? API team can focus on one precise, well-documented API Reduce training costs across development teams Can support an unlimited number of known and unknown developers
One size fits all – why not? Treats all clients generically, so optimized for none API team becomes bottleneck for UI development
One size fits all – why not? Some of the many client differences: Memory capacity Distinct markup types (XML, JSON) Flat vs. Hierarchical document models Screen real estate Document delivery User interaction models
How do you know if your company is ready to consider alternatives to the one-size-fits-all API model? Small number of targeted API consumers is the top priority Very close relationships between these API consumers and the API team Increasing divergence of needs across the top priority API consumers Strong desire by the API consumers for more optimized interactions with the API High value proposition for the API provider to make these API consumers as effective as possible
Netflix’s approach against one-size-fits-all API Embrace the differences of the devices Separate content gathering from content formatting and delivery Redefine the border between client and server Distribute innovation
Netflix REST API Model Network Border Network Border REST API START- A/B MEMBER RECOMME MOVIE SIMILAR AUTH NDATIONS RATINGS UP TESTS DATA DATA MOVIES
Netflix New Non-REST API Model Network Border Network Border JAVA API START- A/B MEMBER RECOMME MOVIE SIMILAR AUTH NDATIONS RATINGS UP TESTS DATA DATA MOVIES
Netflix REST API Model CLIENT CODE Network Border Network Border REST API SERVER CODE START- A/B MEMBER RECOMME MOVIE SIMILAR AUTH NDATIONS RATINGS UP TESTS DATA DATA MOVIES
Netflix New Non-REST API Model CLIENT CODE Network Border Network Border CLIENT ADAPTER CODE (ON SERVER) JAVA API SERVER CODE RECOMME START- A/B MEMBER NDATIONSA MOVIE SIMILAR AUTH ZXSXX C RATINGS UP TESTS DATA DATA MOVIES CCC
One size fits all – other alternatives Why not have both? Layer the different APIs over a common API
One size fits all – other alternatives
One size fits all – other alternatives Other alternatives provide greater flexibility but still have server teams dictate rules Doesn’t alleviate server team bottleneck issue
Trend: JSON
JSON Conventional Wisdom JSON and XML are exactly the same JSON is always smaller than XML JSON is always faster to parse than XML All clients can parse JSON All servers can produce JSON
JSON considerations Not all devices support JSON out of the box Different devices may require different XML schemas Some devices prefer full document delivery and others prefer streaming bits XML and JSON aren’t all that different in size once you compress them XML has a different data model than JSON
More JSON considerations There are many more tools built around XML today than there are built around JSON XML offers more semantic context than JSON Saying XML or JSON is not enough – both can support very different document models
JSON advice Design the guts of the API to separate data gathering from data formatting Add a mediation layer (in your code our outside) to render the right format If in doubt, support JSON internally, and support conversion to other formats as a wrapper JSON -> XML is easier than XML -> JSON
Trend: OAUTH
OAuth – super-big trend in APIs Essential for APIs that authenticate end users Unknown (to you) developers Mobile and native clients
OAuth alternatives Cookies Netflix’s new approach Great for apps that are based on browsers Great if API consumers are very close to API team
OAuth alternatives HTTP Basic Auth + SSL Two-way SSL Both are great for server-to-server APIs
OAuth alternatives API keys only “Two-legged” access when there is no “user”
Trend: API VERSIONING IN URI
Versioning Many APIs include a version number in the URI (like api.foo.com/v1) Hostname (v1.api.foo.com) Query parameter (api.foo.com/v1/bar?version=1) Content-type header The version number represents the interface version The number changes, although rarely
Can an API call have NO version? If you can achieve it, maintenance will be MUCH simpler If you cannot, it instills better practices Reduces lazy programming Results in fewer versions Results in a cleaner, less brittle system And keep in mind, adding new features typically does not require a new version… Schematic or structural changes, however, do
Average life of a TV: 7-10 years
Versioning 1.0 1.5 2.0 3.0? 4.0? 5.0? Today 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
Versioning 1.0 1.5 2.0 New API Today 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
groups.google.com/group/api-craft
THANK YOU Questions and ideas to: @gbrail @daniel_jacobson groups.google.com/group/api-craft

Recommended

Test Data Management a Managed Service for Software Quality Assurance
Test Data Management a Managed Service for Software Quality AssuranceTest Data Management a Managed Service for Software Quality Assurance
Test Data Management a Managed Service for Software Quality AssuranceSoftware Testing Solution
 
Introduction to Test Automation - Technology and Tools
Introduction to Test Automation - Technology and ToolsIntroduction to Test Automation - Technology and Tools
Introduction to Test Automation - Technology and ToolsKMS Technology
 
Robot Framework Introduction
Robot Framework IntroductionRobot Framework Introduction
Robot Framework IntroductionPekka Klärck
 
Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Chandler Anderson
 
Using Postman to Automate API On-Boarding
Using Postman to Automate API On-BoardingUsing Postman to Automate API On-Boarding
Using Postman to Automate API On-BoardingPostman
 
Introduction to Unit Testing, BDD and Mocking using TestBox & MockBox at Adob...
Introduction to Unit Testing, BDD and Mocking using TestBox & MockBox at Adob...Introduction to Unit Testing, BDD and Mocking using TestBox & MockBox at Adob...
Introduction to Unit Testing, BDD and Mocking using TestBox & MockBox at Adob...Uma Ghotikar
 
A Product Manager's Place in a DevOps World
A Product Manager's Place in a DevOps WorldA Product Manager's Place in a DevOps World
A Product Manager's Place in a DevOps WorldAtlassian
 
Customer case - Dynatrace Monitoring Redefined
Customer case - Dynatrace Monitoring RedefinedCustomer case - Dynatrace Monitoring Redefined
Customer case - Dynatrace Monitoring RedefinedMichel Duruel
 

Recommended

Test Data Management a Managed Service for Software Quality Assurance
Test Data Management a Managed Service for Software Quality AssuranceTest Data Management a Managed Service for Software Quality Assurance
Test Data Management a Managed Service for Software Quality AssuranceSoftware Testing Solution
 
Introduction to Test Automation - Technology and Tools
Introduction to Test Automation - Technology and ToolsIntroduction to Test Automation - Technology and Tools
Introduction to Test Automation - Technology and ToolsKMS Technology
 
Robot Framework Introduction
Robot Framework IntroductionRobot Framework Introduction
Robot Framework IntroductionPekka Klärck
 
Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Chandler Anderson
 
Using Postman to Automate API On-Boarding
Using Postman to Automate API On-BoardingUsing Postman to Automate API On-Boarding
Using Postman to Automate API On-BoardingPostman
 
Introduction to Unit Testing, BDD and Mocking using TestBox & MockBox at Adob...
Introduction to Unit Testing, BDD and Mocking using TestBox & MockBox at Adob...Introduction to Unit Testing, BDD and Mocking using TestBox & MockBox at Adob...
Introduction to Unit Testing, BDD and Mocking using TestBox & MockBox at Adob...Uma Ghotikar
 
A Product Manager's Place in a DevOps World
A Product Manager's Place in a DevOps WorldA Product Manager's Place in a DevOps World
A Product Manager's Place in a DevOps WorldAtlassian
 
Customer case - Dynatrace Monitoring Redefined
Customer case - Dynatrace Monitoring RedefinedCustomer case - Dynatrace Monitoring Redefined
Customer case - Dynatrace Monitoring RedefinedMichel Duruel
 
Selenium ppt
Selenium pptSelenium ppt
Selenium pptAneesh Rangarajan
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Amazon Web Services
 
Test Data Management: The Underestimated Pain
Test Data Management: The Underestimated PainTest Data Management: The Underestimated Pain
Test Data Management: The Underestimated PainChelsea Frischknecht
 
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0Michael Fischlein
 
Postman
PostmanPostman
PostmanIgor Shubovych
 
Introduction to Test Automation
Introduction to Test AutomationIntroduction to Test Automation
Introduction to Test AutomationPekka Klärck
 
Test Automation Framework Designs
Test Automation Framework DesignsTest Automation Framework Designs
Test Automation Framework DesignsSauce Labs
 
Postman Introduction
Postman IntroductionPostman Introduction
Postman IntroductionRahul Agarwal
 
Qa process 2012
Qa process 2012Qa process 2012
Qa process 2012ashokack
 
CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsCI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsAmazon Web Services
 
iOS CI/CD: Continuous Integration and Continuous Delivery Explained
iOS CI/CD: Continuous Integration and Continuous Delivery ExplainediOS CI/CD: Continuous Integration and Continuous Delivery Explained
iOS CI/CD: Continuous Integration and Continuous Delivery ExplainedSemaphore
 
Selenium test automation
Selenium test automationSelenium test automation
Selenium test automationSrikanth Vuriti
 
Test data management
Test data managementTest data management
Test data managementOnur Erdogan
 
Infographic: Importance of Performance Testing
Infographic: Importance of Performance TestingInfographic: Importance of Performance Testing
Infographic: Importance of Performance TestingKiwiQA
 
SignalR Overview
SignalR OverviewSignalR Overview
SignalR OverviewMichael Sukachev
 
Web services SOAP
Web services SOAPWeb services SOAP
Web services SOAPprinceirfancivil
 
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQLSteps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQLconfluent
 
Qa exploratory test charter template
Qa exploratory test charter templateQa exploratory test charter template
Qa exploratory test charter templateRob Swoboda
 
The Top 5 Event Streaming Use Cases & Architectures in 2021
The Top 5 Event Streaming Use Cases & Architectures in 2021The Top 5 Event Streaming Use Cases & Architectures in 2021
The Top 5 Event Streaming Use Cases & Architectures in 2021confluent
 
Test automation wipro
Test automation wiproTest automation wipro
Test automation wiproambreprasad77
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second EditionApigee | Google Cloud
 
API Trends: What to expect in 2012
API Trends: What to expect in 2012API Trends: What to expect in 2012
API Trends: What to expect in 2012Apigee | Google Cloud
 

More Related Content

What's hot

Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Amazon Web Services
 
Test Data Management: The Underestimated Pain
Test Data Management: The Underestimated PainTest Data Management: The Underestimated Pain
Test Data Management: The Underestimated PainChelsea Frischknecht
 
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0Michael Fischlein
 
Introduction to Test Automation
Introduction to Test AutomationIntroduction to Test Automation
Introduction to Test AutomationPekka Klärck
 
Test Automation Framework Designs
Test Automation Framework DesignsTest Automation Framework Designs
Test Automation Framework DesignsSauce Labs
 
Postman Introduction
Postman IntroductionPostman Introduction
Postman IntroductionRahul Agarwal
 
Qa process 2012
Qa process 2012Qa process 2012
Qa process 2012ashokack
 
CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsCI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsAmazon Web Services
 
iOS CI/CD: Continuous Integration and Continuous Delivery Explained
iOS CI/CD: Continuous Integration and Continuous Delivery ExplainediOS CI/CD: Continuous Integration and Continuous Delivery Explained
iOS CI/CD: Continuous Integration and Continuous Delivery ExplainedSemaphore
 
Selenium test automation
Selenium test automationSelenium test automation
Selenium test automationSrikanth Vuriti
 
Test data management
Test data managementTest data management
Test data managementOnur Erdogan
 
Infographic: Importance of Performance Testing
Infographic: Importance of Performance TestingInfographic: Importance of Performance Testing
Infographic: Importance of Performance TestingKiwiQA
 
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQLSteps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQLconfluent
 
Qa exploratory test charter template
Qa exploratory test charter templateQa exploratory test charter template
Qa exploratory test charter templateRob Swoboda
 
The Top 5 Event Streaming Use Cases & Architectures in 2021
The Top 5 Event Streaming Use Cases & Architectures in 2021The Top 5 Event Streaming Use Cases & Architectures in 2021
The Top 5 Event Streaming Use Cases & Architectures in 2021confluent
 
Test automation wipro
Test automation wiproTest automation wipro
Test automation wiproambreprasad77
 

What's hot (20)

Selenium ppt
Selenium pptSelenium ppt
Selenium ppt
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
 
Test Data Management: The Underestimated Pain
Test Data Management: The Underestimated PainTest Data Management: The Underestimated Pain
Test Data Management: The Underestimated Pain
 
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0
Ich will agil testen! was muss ich können iqnite 2014 - verison 2.0
 
Postman
PostmanPostman
Postman
 
Introduction to Test Automation
Introduction to Test AutomationIntroduction to Test Automation
Introduction to Test Automation
 
Test Automation Framework Designs
Test Automation Framework DesignsTest Automation Framework Designs
Test Automation Framework Designs
 
Postman Introduction
Postman IntroductionPostman Introduction
Postman Introduction
 
Qa process 2012
Qa process 2012Qa process 2012
Qa process 2012
 
CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsCI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
 
iOS CI/CD: Continuous Integration and Continuous Delivery Explained
iOS CI/CD: Continuous Integration and Continuous Delivery ExplainediOS CI/CD: Continuous Integration and Continuous Delivery Explained
iOS CI/CD: Continuous Integration and Continuous Delivery Explained
 
Selenium test automation
Selenium test automationSelenium test automation
Selenium test automation
 
Test data management
Test data managementTest data management
Test data management
 
Infographic: Importance of Performance Testing
Infographic: Importance of Performance TestingInfographic: Importance of Performance Testing
Infographic: Importance of Performance Testing
 
SignalR Overview
SignalR OverviewSignalR Overview
SignalR Overview
 
Web services SOAP
Web services SOAPWeb services SOAP
Web services SOAP
 
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQLSteps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
 
Qa exploratory test charter template
Qa exploratory test charter templateQa exploratory test charter template
Qa exploratory test charter template
 
The Top 5 Event Streaming Use Cases & Architectures in 2021
The Top 5 Event Streaming Use Cases & Architectures in 2021The Top 5 Event Streaming Use Cases & Architectures in 2021
The Top 5 Event Streaming Use Cases & Architectures in 2021
 
Test automation wipro
Test automation wiproTest automation wipro
Test automation wipro
 

Viewers also liked

OData Introduction and Impact on API Design (Webcast)
OData Introduction and Impact on API Design (Webcast)OData Introduction and Impact on API Design (Webcast)
OData Introduction and Impact on API Design (Webcast)Apigee | Google Cloud
 
Building Your API for Longevity
Building Your API for LongevityBuilding Your API for Longevity
Building Your API for LongevityMuleSoft
 
HATEOAS 101 - Opinionated Introduction to a REST API Style
HATEOAS 101 - Opinionated Introduction to a REST API StyleHATEOAS 101 - Opinionated Introduction to a REST API Style
HATEOAS 101 - Opinionated Introduction to a REST API StyleApigee | Google Cloud
 

Viewers also liked (8)

RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second Edition
 
API Trends: What to expect in 2012
API Trends: What to expect in 2012API Trends: What to expect in 2012
API Trends: What to expect in 2012
 
OData Introduction and Impact on API Design (Webcast)
OData Introduction and Impact on API Design (Webcast)OData Introduction and Impact on API Design (Webcast)
OData Introduction and Impact on API Design (Webcast)
 
2017 API Catalog
2017 API Catalog2017 API Catalog
2017 API Catalog
 
Building Your API for Longevity
Building Your API for LongevityBuilding Your API for Longevity
Building Your API for Longevity
 
History of house
History of houseHistory of house
History of house
 
API Design - 3rd Edition
API Design - 3rd EditionAPI Design - 3rd Edition
API Design - 3rd Edition
 
HATEOAS 101 - Opinionated Introduction to a REST API Style
HATEOAS 101 - Opinionated Introduction to a REST API StyleHATEOAS 101 - Opinionated Introduction to a REST API Style
HATEOAS 101 - Opinionated Introduction to a REST API Style
 

Similar to API Design: When to buck the trend and avoid pragmatic REST, one size fits all, JSON, OAuth, and versioning in the URI

Set Your Content Free! : Case Studies from Netflix and NPR
Set Your Content Free! : Case Studies from Netflix and NPRSet Your Content Free! : Case Studies from Netflix and NPR
Set Your Content Free! : Case Studies from Netflix and NPRDaniel Jacobson
 
Toronto node js_meetup
Toronto node js_meetupToronto node js_meetup
Toronto node js_meetupShubhra Kar
 
Ibm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshopIbm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshopShubhra Kar
 
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise ArchitecturesBIOVIA
 
Techniques for Scaling the Netflix API - QCon SF
Techniques for Scaling the Netflix API - QCon SFTechniques for Scaling the Netflix API - QCon SF
Techniques for Scaling the Netflix API - QCon SFDaniel Jacobson
 
A great api is hard to find
A great api is hard to findA great api is hard to find
A great api is hard to findDan Diephouse
 
Maintaining the Front Door to Netflix : The Netflix API
Maintaining the Front Door to Netflix : The Netflix APIMaintaining the Front Door to Netflix : The Netflix API
Maintaining the Front Door to Netflix : The Netflix APIDaniel Jacobson
 
Service Testing. WTF Does This API Do
Service Testing. WTF Does This API Do Service Testing. WTF Does This API Do
Service Testing. WTF Does This API Do Globant
 
New Ways To Engage With Tiempo 2011
New Ways To Engage With Tiempo 2011New Ways To Engage With Tiempo 2011
New Ways To Engage With Tiempo 2011Tiempo Development
 
Netflix API - Presentation to PayPal
Netflix API - Presentation to PayPalNetflix API - Presentation to PayPal
Netflix API - Presentation to PayPalDaniel Jacobson
 
Building a Great Web API - Evan Cooke - QCON 2011
Building a Great Web API - Evan Cooke - QCON 2011Building a Great Web API - Evan Cooke - QCON 2011
Building a Great Web API - Evan Cooke - QCON 2011Twilio Inc
 
Open Ap Is State Of The Market
Open Ap Is State Of The MarketOpen Ap Is State Of The Market
Open Ap Is State Of The MarketConSanFrancisco123
 
REST - What's It All About? (SAP TechEd 2012, CD110)
REST - What's It All About? (SAP TechEd 2012, CD110)REST - What's It All About? (SAP TechEd 2012, CD110)
REST - What's It All About? (SAP TechEd 2012, CD110)Sascha Wenninger
 
Evaluating and Testing Web APIs
Evaluating and Testing Web APIsEvaluating and Testing Web APIs
Evaluating and Testing Web APIsSmartBear
 
API Strategy Evolution at Netflix
API Strategy Evolution at NetflixAPI Strategy Evolution at Netflix
API Strategy Evolution at NetflixMichael Hart
 
Melbourne API Management Seminar
Melbourne API Management SeminarMelbourne API Management Seminar
Melbourne API Management SeminarCA API Management
 
Triangle Node Meetup : APIs in Minutes with Node.js
Triangle Node Meetup : APIs in Minutes with Node.jsTriangle Node Meetup : APIs in Minutes with Node.js
Triangle Node Meetup : APIs in Minutes with Node.jsShubhra Kar
 
Node.js Frameworks & Design Patterns Webinar
Node.js Frameworks & Design Patterns WebinarNode.js Frameworks & Design Patterns Webinar
Node.js Frameworks & Design Patterns WebinarShubhra Kar
 
The future-of-netflix-api
The future-of-netflix-apiThe future-of-netflix-api
The future-of-netflix-apiDaniel Jacobson
 

Similar to API Design: When to buck the trend and avoid pragmatic REST, one size fits all, JSON, OAuth, and versioning in the URI (20)

Set Your Content Free! : Case Studies from Netflix and NPR
Set Your Content Free! : Case Studies from Netflix and NPRSet Your Content Free! : Case Studies from Netflix and NPR
Set Your Content Free! : Case Studies from Netflix and NPR
 
Toronto node js_meetup
Toronto node js_meetupToronto node js_meetup
Toronto node js_meetup
 
Ibm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshopIbm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshop
 
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
 
Techniques for Scaling the Netflix API - QCon SF
Techniques for Scaling the Netflix API - QCon SFTechniques for Scaling the Netflix API - QCon SF
Techniques for Scaling the Netflix API - QCon SF
 
A great api is hard to find
A great api is hard to findA great api is hard to find
A great api is hard to find
 
Maintaining the Front Door to Netflix : The Netflix API
Maintaining the Front Door to Netflix : The Netflix APIMaintaining the Front Door to Netflix : The Netflix API
Maintaining the Front Door to Netflix : The Netflix API
 
Service Testing. WTF Does This API Do
Service Testing. WTF Does This API Do Service Testing. WTF Does This API Do
Service Testing. WTF Does This API Do
 
New Ways To Engage With Tiempo 2011
New Ways To Engage With Tiempo 2011New Ways To Engage With Tiempo 2011
New Ways To Engage With Tiempo 2011
 
Netflix API - Presentation to PayPal
Netflix API - Presentation to PayPalNetflix API - Presentation to PayPal
Netflix API - Presentation to PayPal
 
Building a Great Web API - Evan Cooke - QCON 2011
Building a Great Web API - Evan Cooke - QCON 2011Building a Great Web API - Evan Cooke - QCON 2011
Building a Great Web API - Evan Cooke - QCON 2011
 
Open Ap Is State Of The Market
Open Ap Is State Of The MarketOpen Ap Is State Of The Market
Open Ap Is State Of The Market
 
REST - What's It All About? (SAP TechEd 2012, CD110)
REST - What's It All About? (SAP TechEd 2012, CD110)REST - What's It All About? (SAP TechEd 2012, CD110)
REST - What's It All About? (SAP TechEd 2012, CD110)
 
Evaluating and Testing Web APIs
Evaluating and Testing Web APIsEvaluating and Testing Web APIs
Evaluating and Testing Web APIs
 
API Strategy Evolution at Netflix
API Strategy Evolution at NetflixAPI Strategy Evolution at Netflix
API Strategy Evolution at Netflix
 
Melbourne API Management Seminar
Melbourne API Management SeminarMelbourne API Management Seminar
Melbourne API Management Seminar
 
Scaling the Netflix API
Scaling the Netflix APIScaling the Netflix API
Scaling the Netflix API
 
Triangle Node Meetup : APIs in Minutes with Node.js
Triangle Node Meetup : APIs in Minutes with Node.jsTriangle Node Meetup : APIs in Minutes with Node.js
Triangle Node Meetup : APIs in Minutes with Node.js
 
Node.js Frameworks & Design Patterns Webinar
Node.js Frameworks & Design Patterns WebinarNode.js Frameworks & Design Patterns Webinar
Node.js Frameworks & Design Patterns Webinar
 
The future-of-netflix-api
The future-of-netflix-apiThe future-of-netflix-api
The future-of-netflix-api
 

More from Apigee | Google Cloud

Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Apigee | Google Cloud
 
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldApigee | Google Cloud
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Apigee | Google Cloud
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketApigee | Google Cloud
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsApigee | Google Cloud
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessApigee | Google Cloud
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorApigee | Google Cloud
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailApigee | Google Cloud
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranApigee | Google Cloud
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!Apigee | Google Cloud
 

More from Apigee | Google Cloud (20)

How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
 
Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)
 
Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
 
Ticketmaster at a glance
Ticketmaster at a glanceTicketmaster at a glance
Ticketmaster at a glance
 
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First World
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
 
Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management Market
 
Walgreens at a glance
Walgreens at a glanceWalgreens at a glance
Walgreens at a glance
 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to Microgateway
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices Deployments
 
Pitney Bowes at a glance
Pitney Bowes at a glancePitney Bowes at a glance
Pitney Bowes at a glance
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices Success
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet Kapoor
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg Brail
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant Jhingran
 
London Adapt or Die: Opening Keynot
London Adapt or Die: Opening KeynotLondon Adapt or Die: Opening Keynot
London Adapt or Die: Opening Keynot
 
London Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynoteLondon Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynote
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!
 

Recently uploaded

Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

API Design: When to buck the trend and avoid pragmatic REST, one size fits all, JSON, OAuth, and versioning in the URI

  • 1. API Design: When to buck the trend Netflix API case study with Daniel Jacobson groups.google.com/group/api-craft Daniel Jacobson Greg Brail Netflix Apigee @daniel_jacobson @gbrail
  • 6. @daniel_jacobson @gbrail Daniel Jacobson Greg Brail
  • 7. What’s the trend? Pragmatic REST style One size fits all JSON OAuth API versioning in the URI
  • 9. Pragmatic REST – most common style today URIs are carefully designed Each URI represents a “resource” Resource actions are defined by HTTP verbs GET (read), POST (create), PUT (update), DELETE
  • 10. Pragmatic REST alternatives Pure REST Ad-hoc XML / JSON over HTTP SOAP
  • 11. Alternative: pure REST Quick definition: A REST API as defined by Roy Fielding http://en.wikipedia.org/wiki/REST and followers http://martinfowler.com/articles/richardsonMaturityModel.html
  • 12. Alternative: pure REST Flexible, powerful, and evolvable over decades… Slow, hard to program, and rare
  • 13. So who cares about REST? Most APIs that call themselves “REST” are not actually REST by the pure definition So pure REST APIs buck the trend. Why? The server implementation can change URIs The URI structure is not documented – clients follow links So, the server implementation can change the whole structure of the API In theory, the API can evolve forever without ever being “incompatible”
  • 15. One size fits all Does it make sense to have the same API for all developers?
  • 16. One size fits all – why yes? API team can focus on one precise, well-documented API Reduce training costs across development teams Can support an unlimited number of known and unknown developers
  • 17. One size fits all – why not? Treats all clients generically, so optimized for none API team becomes bottleneck for UI development
  • 18.
  • 19. One size fits all – why not? Some of the many client differences: Memory capacity Distinct markup types (XML, JSON) Flat vs. Hierarchical document models Screen real estate Document delivery User interaction models
  • 20.
  • 21.
  • 22. How do you know if your company is ready to consider alternatives to the one-size-fits-all API model? Small number of targeted API consumers is the top priority Very close relationships between these API consumers and the API team Increasing divergence of needs across the top priority API consumers Strong desire by the API consumers for more optimized interactions with the API High value proposition for the API provider to make these API consumers as effective as possible
  • 23. Netflix’s approach against one-size-fits-all API Embrace the differences of the devices Separate content gathering from content formatting and delivery Redefine the border between client and server Distribute innovation
  • 24. Netflix REST API Model Network Border Network Border REST API START- A/B MEMBER RECOMME MOVIE SIMILAR AUTH NDATIONS RATINGS UP TESTS DATA DATA MOVIES
  • 25. Netflix New Non-REST API Model Network Border Network Border JAVA API START- A/B MEMBER RECOMME MOVIE SIMILAR AUTH NDATIONS RATINGS UP TESTS DATA DATA MOVIES
  • 26. Netflix REST API Model CLIENT CODE Network Border Network Border REST API SERVER CODE START- A/B MEMBER RECOMME MOVIE SIMILAR AUTH NDATIONS RATINGS UP TESTS DATA DATA MOVIES
  • 27. Netflix New Non-REST API Model CLIENT CODE Network Border Network Border CLIENT ADAPTER CODE (ON SERVER) JAVA API SERVER CODE RECOMME START- A/B MEMBER NDATIONSA MOVIE SIMILAR AUTH ZXSXX C RATINGS UP TESTS DATA DATA MOVIES CCC
  • 28. One size fits all – other alternatives Why not have both? Layer the different APIs over a common API
  • 29. One size fits all – other alternatives
  • 30. One size fits all – other alternatives Other alternatives provide greater flexibility but still have server teams dictate rules Doesn’t alleviate server team bottleneck issue
  • 32.
  • 33. JSON Conventional Wisdom JSON and XML are exactly the same JSON is always smaller than XML JSON is always faster to parse than XML All clients can parse JSON All servers can produce JSON
  • 34. JSON considerations Not all devices support JSON out of the box Different devices may require different XML schemas Some devices prefer full document delivery and others prefer streaming bits XML and JSON aren’t all that different in size once you compress them XML has a different data model than JSON
  • 35. More JSON considerations There are many more tools built around XML today than there are built around JSON XML offers more semantic context than JSON Saying XML or JSON is not enough – both can support very different document models
  • 36. JSON advice Design the guts of the API to separate data gathering from data formatting Add a mediation layer (in your code our outside) to render the right format If in doubt, support JSON internally, and support conversion to other formats as a wrapper JSON -> XML is easier than XML -> JSON
  • 38. OAuth – super-big trend in APIs Essential for APIs that authenticate end users Unknown (to you) developers Mobile and native clients
  • 39. OAuth alternatives Cookies Netflix’s new approach Great for apps that are based on browsers Great if API consumers are very close to API team
  • 40. OAuth alternatives HTTP Basic Auth + SSL Two-way SSL Both are great for server-to-server APIs
  • 41. OAuth alternatives API keys only “Two-legged” access when there is no “user”
  • 43. Versioning Many APIs include a version number in the URI (like api.foo.com/v1) Hostname (v1.api.foo.com) Query parameter (api.foo.com/v1/bar?version=1) Content-type header The version number represents the interface version The number changes, although rarely
  • 44. Can an API call have NO version? If you can achieve it, maintenance will be MUCH simpler If you cannot, it instills better practices Reduces lazy programming Results in fewer versions Results in a cleaner, less brittle system And keep in mind, adding new features typically does not require a new version… Schematic or structural changes, however, do
  • 45. Average life of a TV: 7-10 years
  • 46. Versioning 1.0 1.5 2.0 3.0? 4.0? 5.0? Today 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
  • 47. Versioning 1.0 1.5 2.0 New API Today 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
  • 49. THANK YOU Questions and ideas to: @gbrail @daniel_jacobson groups.google.com/group/api-craft