Introducing a new title from the Nordic APIs writing team! For this eBook, we took the top 15 most popular YouTube sessions from our last Platform Summit, and wrote companion chapters that dove into each topic. Download this volume and get the latest API Design advice the industry has to offer!
Expert insights on designing APIs with longevity in mind. We cover the most pressing API design decisions for maintaining long-lasting API platforms, including REST, versioning strategies, common anti-patterns, OAuth 2.0 in IoT, microservices, GraphQL, and more…
Roy Fielding, the creator of the REST standard for API design, once described REST as:
“software design on the scale of decades: every detail is intended to promote software longevity and independent evolution. Many of the constraints are directly opposed to short-term efficiency.”
Essentially, he acknowledged how developers often execute short term design without long-term design in mind, which causes inadaptability as technology evolves.
In October 2016 Nordic APIs held it’s annual Platform Summit centered on this theme, bringing together API industry thought leaders to share their insights on what it means to architect and design Application Programming Interfaces on the scale of decades. The event detailed RESTful design techniques for longevity, operational components of sustaining an API, and topics like DevOps, microservices architectures, developer relations, and new business methodologies for supporting an API platform.
Mission critical insights from Platform Summit speakers
Dedicated to the speakers, attendees, and sponsors that continually make Nordic APIs events wonderful!
To create API Design on the Scale of Decades, we gathered the top 15 most watched sessions from the Summit that were relevant to API Design, and drafted companion blog posts to dive into each topic. This unique volume thus contains a holistic assortment of insights that our followers have found to be the most current, mission-critical ideas for sustaining an API platform.
For API designers and architects, this eBook release presents a convenient way to tap into a wide range of knowledge that we’ve been collating on the blog over the last few months. Guided by some of the most impactful Nordic APIs presentations, it outlines some of the most helpful advice we’ve published to date.
TL/DR: 15 Major Takeaways
From REST to securing the Internet of Things, in this volume we’ve covered a lot of ground. For the light readers out there, here are the key takeaways API designers should grasp from each chapter:
- Understand true REST API design: We responded to misconceptions of REST API design, reviewed hypermedia, and explored what it takes to create a HATEOAS-compliant state machine.
- But consider GraphQL: GraphQL performs select functions better than REST, but it means a significant reversal of modern REST API design standards.
- Private APIs benefit from continuous versioning: Eradicating the typical URI versioning schematic (v1, v2, etc) could withhold the server to client bond, equating to consistency and better API agility, however is largely unproven in public scenarios.
- API-fy internal processes: Spotify brilliantly uses Internal APIs to streamline their varying payment type subscription options. Consider how internal APIs can bring platform-wide consistency to improve your UX.
- Have a serverless API backend: Serverless architecture offers an infinitely scalable cloud backend for APIs and web applications, equating to a lean platform and cost reduction.
- Put an end to polling: Allowing clients to continually poll APIs can be a huge, wasted drain on your resources. Instead, use REST Hooks, or alternative means such as websockets or Server-sent.
- Master microservice gardening: API providers must eschew monolithic centralization in favor of innovation and new developments. This includes using Bimodal IT for parallel tracks, and a microservices architecture.
- Model automotive IT for API longevity: API providers could take a lesson or two from automotive grade manufacturing – automakers must build long-lasting, reliable IoT-centric APIs that stand the test of time.
- Use OAuth 2.0 to secure the IoT: The IoT is coming, and OAuth 2.0 is the way to secure it.
- Avoid common API design anti-patterns: Always consider the operational repercussions for the design moves we make now. Avoid improper HTTP method usage, protocol tunneling, polling, and rigid microservices structure.
- Personal data is valuable: With the rise of open banking, programmatic accessibility to the “API of Me” is becoming more realistic. Keep in mind the value of user data, and the government regulations mandating its liquidity.
- Use DevOps: When Humpty Dumpty falls and cracks, instead of pointing fingers, development, operations and QA should work together. This means having a DevOps mindset.
- Secure the platform for decades: IoT and API security must unite, so that developers can begin to scale their platform and security measures accordingly. This means building on open standards.
- Use the OpenAPI Specification: For growing and securing the API lifecycle, use a powerful API specification format. The OpenAPI Specification is a great solution to boost platform agility.
- Enterprise API management techniques: For lessons in enterprise grade API management, we studied Bosch’s experience implementing Axway’s API management solution across billions of data points.
Next Release: GraphQL or Bust
As we close the chapter on the last Platform Summit we begin to plan for the future. Stay tuned for updates from Nordic APIs on upcoming events, as well as our fall 2017 Summit, which will be on the theme of API Scalability. On that note, if you would like to join the lineage of past API speakers, consider submitting a session here. Please enjoy API Design on the Scale of Decades, and let us know how we can improve.
Now, our eBook releases usually come paired with an announcement for a new title, and this release is no different. Guess what… it’s a GraphQL book! What else could it be about?
As we’ve covered before, GraphQL is the query language making ripples throughout the economy. GraphQL or Bust will aim to once and for all determine the position of GraphQL within the API ecosystem. We’ll explore things like the benefits of GraphQL, the differences between it and REST, nuanced security concerns, extending GraphQL with additional tooling, GraphQL-specific consoles, making a transition to GraphQL from an existing web API, and much more.
Thank you again to our readers, event attendees, and event sponsors and partners. If you appreciate what we’re doing, consider following @NordicAPIs and signing up to our newsletter for curated blog updates and future event announcements.