Date post: | 08-May-2015 |
Category: |
Technology |
Upload: | 3scale |
View: | 2,424 times |
Download: | 0 times |
Careful - APIs InsideTesting and Monitoring for API Driven Apps Steven Willmott 3scale Inc. @njyx, @3scale
Behind (Almost) Every App is a Great API
3scale is…API
Infrastructure Provider
!Power 350+
APIs !
110,000 Developers writing Apps
!
API Tech Operations API Business Operations Developer Support
(Selection)
3scale.net
Apps Depend on API Backends
Your App
Proxy
Your Backend
Indirect
Direct
Creates Problems
Development Time
Run Time
Bad Docs
High Latency
APIs Can Waste Time APIs Can Kill Your App
Weird HTTP Errors
OAuth Old Versions
Rate Limit Problems Poor SDKs
Random Failures
Version Changes
Rate Limit Failures
• HTTP is Easy until it’s not (Caching, Verbs, Headers, Hashes, Media Types)
• Use HTTP Sniffers (HTTPScoop, Fiddler) + network sniffers (e.g. Wireshark)
• Check & use caching headers • CORS, Cross Site Problems
!
Development Time Tools
http://www.slideshare.net/synedra/demystifying-restruby
• oAuth Libraries & Documentation • beware oAuth “variants” • Try: • oAuthbible.com • oauth.io
• Other Authentication: • Try to use provided SDKs • Unit Test heavily for custom
integrations
HTTP Problems Auth Problems
HTTPScoop
Development Time Tools
• Bad Documentation: look for interactive docs (swagger active docs, iodocs, apiary)
• Unspecified Rate Limits (when do they kick in?)
• Old Versions • Different Production and Test
Environments • Unit test mocks
!
!!!
“I was doing the following with you API, I was expecting this … to happen, to my dismay,
this other thing happened instead …”(*)
Provider Problems Pro Tip How to ask An API Provider a question
(* - credit Kirsten Hunter)
Active Docs
http://developer.flightstats.com (via 3scale)
Operations Time Tools
• Pingdom et. al. Provide standard HTTP alerts,
• Webmetrics: step by step test execution primarily for SOAP APIs
• Nagios, Monit, Munin, SENSU etc. in your own infrastructure
• Splunk et. al. for log analysis. !
!
!!!
• Runscope • Smartbear • 3scale APITools
!• New tools: proxy transform, step by
step unit testing, authentication tests, API specific analytics
!!
!
The Old The New How to ask An API Provider a question
http://www.soapui.org/Dojo/overview.html
Where is the Fun & Profit?
API Testing is getting easier
APIs are more stable over time
Mocks & Proxies Help a Lot
Happy Users are More Fun & Generate More Profit!