Most organizations with a web presence build and operate APIs: the doorway through which customers interact with the company's services. Designing, building, and managing these critical programs affects everyone in the organization, from engineers and product owners to C-suite executives. But the real challenge for developers and solution architects is creating an API platform from the ground up.
With this practical book, you'll learn strategies for building and testing REST APIs that use API gateways to combine offerings at the microservice level. Authors James Gough, Daniel Bryant, and Matthew Auburn demonstrate how simple additions to this infrastructure can help engineers and organizations migrate to the cloud, and open the opportunity to connect internal services using technologies like a service mesh.
- Learn API fundamentals and architectural patterns for building an API platform
- Use practical examples to understand how to design, build, and test API-based systems
- Deploy, operate, and configure key components of an API platform
- Use API gateways and service meshes appropriately, based on case studies
- Understand core security and common vulnerabilities in API architecture
- Secure data and APIs using threat modeling and technologies like OAuth2 and TLS
- Learn how to evolve existing systems toward API- and cloud-based architectures
Table of contents
- Why Did We Write This Book?
- Why Should You Read This Book?
- Who This Book Is For
- What You Will Learn
- What This Book Is Not
- Conventions Used in This Book
- Using Code Examples
- O'Reilly Online Learning
- How to Contact Us
- The Architecture Journey
- A Brief Introduction to APIs
- Running Example: Conference System Case Study
- Using C4 Diagrams
- Using Architecture Decision Records
- I. Designing, Building, and Testing APIs
1. Design, Build, and Specify APIs
- Case Study: Designing the Attendee API
- Introduction to REST
- Introduction to Remote Procedure Call (RPC) APIs
- A Brief Mention of GraphQL
- REST API Standards and Structure
- Specifying REST APIs Using OpenAPI
- Practical Application of OpenAPI Specifications
- API Versioning
- Implementing RPC with gRPC
- Modeling Exchanges and Choosing an API Format
- Guideline: Modeling Exchanges
- Multiple Specifications
2. Testing APIs
- Conference System Scenario for This Chapter
- Testing Strategies
- Contract Testing
- API Component Testing
- API Integration Testing
- End-to-End Testing
- II. API Traffic Management
3. API Gateways: Ingress Traffic Management
- Is an API Gateway the Only Solution?
- Guideline: Proxy, Load Balancer, or API Gateway
- Case Study: Exposing the Attendee Service to Consumers
- What Is an API Gateway?
- What Functionality Does an API Gateway Provide?
- Where Is an API Gateway Deployed?
- How Does an API Gateway Integrate with Other Technologies at the Edge?
- Why Use an API Gateway?
- Reduce Coupling: Adapter/Facade Between Frontends and Backends
- Simplify Consumption: Aggregating/Translating Backend Services
- Protect APIs from Overuse and Abuse: Threat Detection and Mitigation
- Understand How APIs Are Being Consumed: Observability
- Manage APIs as Products: API Lifecycle Management
- Monetize APIs: Account Management, Billing, and Payment
- A Modern History of API Gateways
- Current API Gateway Taxonomy
- Case Study: Evolving the Conference System Using an API Gateway
- Deploying API Gateways: Understanding and Managing Failure
- Common API Gateway Implementation Pitfalls
- Selecting an API Gateway
4. Service Mesh: Service-to-Service
- Is Service Mesh the Only Solution?
- Guideline: Should You Adopt Service Mesh?
- Case Study: Extracting Sessions Functionality to a Service
- What Is Service Mesh?
- What Functionality Does a Service Mesh Provide?
- Where Is a Service Mesh Deployed?
- How Does a Service Mesh Integrate with Other Networking Technologies?
- Why Use a Service Mesh?
- Evolution of Service Mesh
- Service Mesh Taxonomy
- Case Study: Using a Service Mesh for Routing, Observability, and Security
- Deploying a Service Mesh: Understanding and Managing Failure
- Common Service Mesh Implementation Challenges
- Selecting a Service Mesh
- III. API Operations and Security
5. Deploying and Releasing APIs
- Separating Deployment and Release
- Case Study: Modeling Releases in the Conference System
- Release Strategies
- Case Study: Performing Rollouts with Argo Rollouts
- Monitoring for Success and Identifying Failure
- Application Decisions for Effective Software Releases
6. Operational Security: Threat Modeling for APIs
- Case Study: Applying OWASP to the Attendee API
- The Risk of Not Securing External APIs
- Threat Modeling 101
- Thinking Like an Attacker
- How to Threat Model
7. API Authentication and Authorization
- Authorization Server Role with API Interactions
- JSON Web Tokens (JWT)
- Terminology and Mechanisms of OAuth2 Grants
- ADR Guideline: Should I Consider Using OAuth2?
- Authorization Code Grant
- Refresh Tokens
- Client Credentials Grant
- Additional OAuth2 Grants
- ADR Guideline: Choosing Which OAuth2 Grants to Support
- OAuth2 Scopes
- Authorization Enforcement
- Introducing OIDC
- SAML 2.0
- IV. Evolutionary Architecture with APIs
8. Redesigning Applications to
- Why Use APIs to Evolve a System?
- Case Study: Establishing Attendee Domain Boundaries
- End State Architecture Options
- Managing the Evolutionary Process
- Architectural Patterns for Evolving Systems with APIs
- Identifying Pain Points and Opportunities
9. Using API Infrastructure to Evolve Toward Cloud Platforms
- Case Study: Moving the Attendee Service to the Cloud
- Choosing a Cloud Migration Strategy
- Case Study: Replatforming the Attendee Service to the Cloud
- Role of API Management
- North-South Versus East-West: Blurring Lines of Traffic Management
- From Zonal Architecture to Zero Trust
- Case Study: A Look Back on Your Journey
- APIs, Conway's Law, and Your Organization
- Understanding Decision Types
- Preparing for the Future
- What's Next: How to Keep Learning About API Architecture
- About the Authors
- Title: Mastering API Architecture
- Release date: October 2022
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492090632