Careful - APIs InsideTesting and Monitoring for API Driven Apps Steven Willmott 3scale Inc. @njyx, @3scale

Behind (Almost) Every App is a Great API

3scale is…API

Infrastructure Provider

!Power 350+

APIs !

110,000 Developers writing Apps

!

API Tech Operations API Business Operations Developer Support

(Selection)

3scale.net

Apps Depend on API Backends

Your App

Proxy

Your Backend

Indirect

Direct

Creates Problems

Development Time

Run Time

Bad Docs

High Latency

APIs Can Waste Time APIs Can Kill Your App

Weird HTTP Errors

OAuth Old Versions

Rate Limit Problems Poor SDKs

Random Failures

Version Changes

Rate Limit Failures

• HTTP is Easy until it’s not (Caching, Verbs, Headers, Hashes, Media Types)

• Use HTTP Sniffers (HTTPScoop, Fiddler) + network sniffers (e.g. Wireshark)

• Check & use caching headers • CORS, Cross Site Problems

!

Development Time Tools

http://www.slideshare.net/synedra/demystifying-restruby

• oAuth Libraries & Documentation • beware oAuth “variants” • Try: • oAuthbible.com • oauth.io

• Other Authentication: • Try to use provided SDKs • Unit Test heavily for custom

integrations

HTTP Problems Auth Problems

HTTPScoop

Development Time Tools

• Bad Documentation: look for interactive docs (swagger active docs, iodocs, apiary)

• Unspecified Rate Limits (when do they kick in?)

• Old Versions • Different Production and Test

Environments • Unit test mocks

!

!!!

“I was doing the following with you API, I was expecting this … to happen, to my dismay,

this other thing happened instead …”(*)

Provider Problems Pro Tip How to ask An API Provider a question

(* - credit Kirsten Hunter)

Active Docs

http://developer.flightstats.com (via 3scale)

Operations Time Tools

• Pingdom et. al. Provide standard HTTP alerts,

• Webmetrics: step by step test execution primarily for SOAP APIs

• Nagios, Monit, Munin, SENSU etc. in your own infrastructure

• Splunk et. al. for log analysis. !

!

!!!

• Runscope • Smartbear • 3scale APITools

!• New tools: proxy transform, step by

step unit testing, authentication tests, API specific analytics

!!

!

The Old The New How to ask An API Provider a question

http://www.soapui.org/Dojo/overview.html

Where is the Fun & Profit?

API Testing is getting easier

APIs are more stable over time

Mocks & Proxies Help a Lot

Happy Users are More Fun & Generate More Profit!

Thank YouContact:

http://www.3scale.net @njyx - steve@3scale.net