Managing The Usages Of Asynchronous APIs
July 29 2021
Sanjeewa Malalgoda
Software Architect/A. Director
Hello!
Sanjeewa Malalgoda
Software Architect/ A. Director Engineering @WSO2
@sanjeewa190
● Why Asynchronous APIs?
● Asynchronous API usages and applications.
● API Management for asynchronous APIs.
● Asynchronous API management challenges and solutions.
3
Agenda
4
Synchronous Communication
5
REST APIs?
● View your account balance.
● Transfer money from your account via mobile application.
● Place order through e-commerce application.
● Search about something on the web.
● Upload your picture to social media.
6
Usages of synchronous APIs
7
Polling
● Additional network calls between client and server.
● Processing in server and client for each additional call.
● Some research found <5% new results coming through polling.
● Poor user experience.
● E-tags only solve part of the problem.
8
Polling?
9
Asynchronous Communication
● Receiving notifications about someone's reaction on your social media
account.
● A new message notification on your mobile device.
● Liquidisation reminder from your trading application.
● Live location/schedule updates in transportation scenarios.
● Live sports score updates.
● Video games.
● Updates when 2 people work on the same online document or issue.
10
Why Asynchronous APIs?
11
Asynchronous API Implementations
[Diagram labelled Synchronous / Asynchronous, showing: REST, gRPC, GraphQL, Kafka, NATS, WebSocket, MQTT, AMQP, Webhook, SSE]
● When to use asynchronous and synchronous APIs?
● Selecting implementation for your asynchronous API.
⦿ WebSockets - multiplexed, bidirectional streaming and for applications that need a
huge amount of messages from both ends of the connection.
⦿ MQTT - for IoT devices with limited battery life.
⦿ Server-Sent Events - especially useful in browser client applications
⦿ Webhooks - pushing notifications to one or a small number of servers.
12
Choose Synchronous/Asynchronous
● Standardize asynchronous API design and documentation.
● Protocol agnostic API definitions.
● Tooling support for APIs (document generation, client and SDK generation, etc.).
● Address EDA specific requirements.
13
AsyncAPI Specification
Asynchronous API
Management
14
The API Product Lifecycle
Building
● Building your API.
● Different technologies - REST, SOAP,
GraphQL, gRPC, Events, etc.
Assembly
● Integrating systems and services to build
APIs.
Packaging
● Packaging APIs to form products
● Creating documentation
● Associating business plans
● Categorization
Delivery
● API Platforms (Marketplaces)
● Catering to demand
Automation
● API Automation techniques
● CI/CD and delivery pipelines
API Product Lifecycle
● API Management related QoS is applicable to asynchronous APIs as well.
⦿ Unify API development and subscription experience across protocols.
⦿ Authentication and authorization
⦿ Rate limits and throttling
⦿ Usage data monitoring and alerting
⦿ Business insights
⦿ Conformity scans
16
Asynchronous API Management
Event Driven API Management -
https://github.com/wso2/reference-architecture/blob/master/event-driven-api-architecture.md
● API developer and API product manager roles are already established within
organizations.
● Most organizations have adopted a design-first API development methodology
for new APIs.
● API developers usually prefer to use the same platform they used for
synchronous (REST) API development.
● API consumers prefer one API consumer portal or marketplace.
18
API Management Platform for both Synchronous/Asynchronous
● Different development experiences (e.g. WebSub proxy/hub API creation does
not need an endpoint, while WebSocket needs one).
● Users can start API development with an API definition (AsyncAPI).
● Asynchronous APIs can have topics, while synchronous REST APIs have
resources.
● API development experience (Design > Development > Deploy > Test >
Publish).
19
API Development Experience
● API discovery experience.
● Subscriptions for APIs with business plans.
● Use of API documentation.
● Common API store features like comments, ratings, etc.
20
API Consumption
● Different protocols are tied to different security mechanisms.
⦿ Webhook (hub scenarios) uses security mechanisms such as a verification token, signature
(HMAC), thin payload, and mutual TLS.
⦿ WebSocket can be secured with standard OAuth with scopes or any other standard
security mechanism.
⦿ SSE can be secured with tokens.
● Security mechanisms enabled for a subscriber need to work across different
protocols.
● Handle protocol-specific security demands.
21
API Security
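The webhook mechanisms named on this slide (verification token, HMAC signature, thin payload), sketched as an added example that is not part of the original deck or of any WSO2 product. It assumes a WebSub-style `X-Hub-Signature` header value of the form `<method>=<hex>` and the `hub.verify_token` / `hub.challenge` parameter names from the PubSubHubbub convention; the secret and payload are constructed.

```python
import hashlib
import hmac
from typing import Optional

# Assumption: only SHA-2 digests are accepted; sha1 is refused even if a sender offers it.
ALLOWED_DIGESTS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}

def sign(secret: bytes, body: bytes, method: str = "sha256") -> str:
    """Sender side: build the header value '<method>=<hex digest>' over the raw body."""
    digest = hmac.new(secret, body, ALLOWED_DIGESTS[method]).hexdigest()
    return f"{method}={digest}"

def verify_delivery(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Receiver side: True only if the header carries a valid HMAC of the raw body."""
    if not header or "=" not in header:
        return False                      # unsigned deliveries are rejected, not trusted
    method, _, sent = header.partition("=")
    digestmod = ALLOWED_DIGESTS.get(method.strip().lower())
    if digestmod is None:
        return False                      # unknown or weak algorithm
    expected = hmac.new(secret, body, digestmod).hexdigest()
    # Constant-time comparison on bytes: no timing leak, no TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), sent.strip().lower().encode())

def verify_subscription(params: dict, expected_token: str) -> Optional[str]:
    """Subscription handshake: echo the challenge only when the verification token matches."""
    token = str(params.get("hub.verify_token", ""))
    if not hmac.compare_digest(token.encode(), expected_token.encode()):
        return None
    return params.get("hub.challenge")

# Constructed sample data (not from the slides).
SECRET = b"constructed-shared-secret"
BODY = b'{"event":"order.updated","id":"evt_1"}'   # thin payload: an id, not the full record

if __name__ == "__main__":
    header = sign(SECRET, BODY)
    print("valid delivery:", verify_delivery(SECRET, BODY, header))
    print("tampered body:", verify_delivery(SECRET, BODY + b" ", header))
    print("missing header:", verify_delivery(SECRET, BODY, None))
```

The signature must be computed over the raw request bytes as received, before any JSON parsing or re-serialization, or valid deliveries will fail verification.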
● Ability to support protocol-specific rate limits.
⦿ Webhook and SSE APIs can be rate limited by the number of
events transferred within a day or hour, along with the number
of active subscriptions at any given time.
⦿ WebSocket APIs can be rate limited based on the data
volume transferred.
● Ability to define business plans and rate limiting tiers by
combining multiple rate limiting methodologies.
22
Rate Limiting
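One way to combine the limits listed on this slide into a single tier, as an added example that is not from the original deck or from any WSO2 product. The `Tier`, `Usage` and `TierLimiter` names and the fixed-window accounting are assumptions made for illustration; time is passed in explicitly so the behaviour is deterministic.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Tier:
    """Hypothetical business plan; a limit set to None is not enforced."""
    max_events: Optional[int] = None          # Webhook/SSE: events per window
    max_subscriptions: Optional[int] = None   # Webhook/SSE: active subscriptions
    max_bytes: Optional[int] = None           # WebSocket: data volume per window
    window_seconds: int = 3600                # one hour; use 86400 for a daily plan

@dataclass
class Usage:
    window_start: float
    events: int = 0
    bytes_sent: int = 0
    subscriptions: int = 0

class TierLimiter:
    def __init__(self, tier: Tier):
        self.tier, self.usage = tier, {}      # usage: application name -> Usage

    def _usage(self, app: str, now: float) -> Usage:
        u = self.usage.setdefault(app, Usage(window_start=now))
        if now - u.window_start >= self.tier.window_seconds:
            # New window: per-window counters reset, open subscriptions carry over.
            u.window_start, u.events, u.bytes_sent = now, 0, 0
        return u

    def subscribe(self, app: str, now: float) -> bool:
        u, cap = self._usage(app, now), self.tier.max_subscriptions
        if cap is not None and u.subscriptions >= cap:
            return False
        u.subscriptions += 1
        return True

    def unsubscribe(self, app: str, now: float) -> None:
        u = self._usage(app, now)
        u.subscriptions = max(0, u.subscriptions - 1)

    def allow(self, app: str, size: int, now: float) -> bool:
        """Admit one event or frame of `size` bytes only if no limit would be exceeded."""
        u, t = self._usage(app, now), self.tier
        if t.max_events is not None and u.events + 1 > t.max_events:
            return False
        if t.max_bytes is not None and u.bytes_sent + size > t.max_bytes:
            return False
        u.events, u.bytes_sent = u.events + 1, u.bytes_sent + size
        return True
```

A rejected event leaves the counters untouched, so a large frame that would exceed the byte quota does not consume the event quota.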
● Capture the right events for API usage.
● Capture protocol-specific usage attributes.
⦿ Ex: WebSocket bandwidth, SSE event
counts, Webhook active user counts, etc.
● Visualize collected data in a meaningful
way.
23
Monitoring & Alerting
● GraphQL allows users to subscribe to events with an attribute list, so they
will be notified with the requested content only.
● The ability to intercept messages and filter content for async APIs will be a plus
point for any API Management system.
● With content inspection capability, upstream service modifications can be
detected easily and client failures prevented.
24
Content Scanning & Filtering
25
Connect with Events Streams
Ability to connect with event sources directly and expose them as managed APIs via different protocols
API Management Layer
Question Time!
wso2.com
Thanks!


[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
