A presentation at Momentum Dev Con in in Cincinnati, OH, USA by Ben Greenberg
Best Practices for Building with External APIs Ben Greenberg @rabbigreenberg
or alternatively⦠@rabbigreenberg
@rabbigreenberg Becoming an API Explorer
Welcome to API Explorer Academy! π Our Mission β Discovering what to look for β Equipping with the right tools β Loving the journey, even with the bumps along the way! @rabbigreenberg
Before we start, who is this person talking to me? β Professional API Wrangler (i.e. Developer Advocate) at Orbit β Ruby is my happy language β SAN π« JFK π« TLV π orbit.love @rabbigreenberg π§ ben@orbit.love
Bonus Slide! Weβre hiring π β Globally distributed team β Remote first β Empathetic product-driven engineering β Enjoys space punsβ¦ sometimes π orbit.love/careers
First of all⦠What is an API? @rabbigreenberg
ββ¦ when a company offers an API to their customers, it just means that theyβve built a set of dedicated URLs that return pure data responses β meaning the responses wonβt contain the kind of presentational overhead that you would expect in a graphical user interface like a website.β - What is an API in Plain English @rabbigreenberg
Examples of APIs β Cat Facts - https://alexwohlbruck.github.io/cat-facts/ β Harvard Art Museums - https://github.com/harvardartmuseums/api-docs β Google Books - https://developers.google.com/books/ β Charity Search - http://charityapi.orghunter.com/ β National Bank of Poland - http://api.nbp.pl/en.html β U.S. Street Address Validation - https://www.smartystreets.com/docs/cloud/us-street-api β Associated Press - https://developer.ap.org/ @rabbigreenberg
Youβre interested in an API? @rabbigreenberg
API Explorer Academy: Stage I Initial Discovery
Your Investigation Checklist β π π π π π π API Reference Documentation Credentialing Rate Limits Pagination Support @rabbigreenberg
API Reference Why do you need an API reference? @rabbigreenberg
βThe OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection.β - OpenAPI Introduction @rabbigreenberg
What are the parameters? What does an error look like? What does success look like? @rabbigreenberg
@rabbigreenberg
@rabbigreenberg
β Does it have an API reference? @rabbigreenberg
Documentation Is there documentation? @rabbigreenberg
Can an API even be used without documentation⦠? - Stoplight
Types of Documentation π π π π π Overviews Tutorials Quickstarts Code Snippets Use Cases @rabbigreenberg
Describe each status code Soliciting feedback Attributes with data types Describe error types @rabbigreenberg
β Does it have documentation? @rabbigreenberg
Credentials Is it secure? @rabbigreenberg
Authentication is Identity Authorization is Access @rabbigreenberg
API π βI am who I say I am, please give me what I am asking for.β π βI believe you are who you say you are, here is your data.β APPLICATION @rabbigreenberg
Authentication Protocols π Basic Auth π API Key π OAuth @rabbigreenberg
Authentication Protocols π Basic Auth β Base64 encoded username and password π API Key β A key that identifies an authorized application π OAuth β User scoped authentication β Multi-step process @rabbigreenberg
Basic Authentication Example @rabbigreenberg
API Key Example @rabbigreenberg
OAuth 2.0 Client Credentials Flow 1 CLIENT Send Client ID and secret to /token 4 2 Validate client ID and secret Request data with token 3 Send token to client API @rabbigreenberg
β How does it authenticate? @rabbigreenberg
Rate Limiting and Pagination Are there limits? @rabbigreenberg
Rate Limiting is about requests Pagination is about records @rabbigreenberg
@rabbigreenberg
@rabbigreenberg
API Explorer Academy:Stage II Pre-Flight Checks
Letβs check out this API! @rabbigreenberg
Experimenting with an API @rabbigreenberg
Why do we experiment? β See Live Data β Check Assumptions β Do Something Wrong @rabbigreenberg
@rabbigreenberg
Save requests to replay later Examine the API response @rabbigreenberg Define parameters, authentication, headers and more
@rabbigreenberg
Authorization options: β β API Key OAuth Possible API responses: β β 200 401 @rabbigreenberg
@rabbigreenberg
API Explorer Academy: Stage III Ready to Launch
You donβt have to do it alone @rabbigreenberg
Tools To Help You On Launch Day β SDKs β Low-Code/No-Code Tools @rabbigreenberg
What is an SDK? @rabbigreenberg
βSDK stands for software development kit. Also known as a devkit, the SDK is a set of software-building tools for a specific platform, including the building blocks, debuggers and, often, a framework or group of code libraries such as a set of routines specific to an operating system (OS).β IBM Introduction to SDKs @rabbigreenberg
@rabbigreenberg
Stop worrying about the API @rabbigreenberg
Manages authentication Handles rate limiting and pagination @rabbigreenberg
APIs Can Introduce Breaking Changes Donβt Let Them Break You @rabbigreenberg
Adding Activities to Orbit via the API directly You need to know: β Headers β Authentication β Data format (JSON) β Data types All these are subject to change (often)! @rabbigreenberg
Adding Activities to Orbit via the SDK You need to know: β β What your data is What method to call @rabbigreenberg
β β β β β β @rabbigreenberg Build workflows graphically Integrate with numerous services automatically Customer support Build workflows graphically Add custom code solutions More programmer-oriented
API Explorer Academy: Stage IV Creating Outposts
Celebrate your wins along the way @rabbigreenberg
Each new learning is another new outpost in your growth @rabbigreenberg
βInstead of specializing in speedometers or steering wheels, software supply chain companies deliver reusable chunks of code that developers bring together to make finished applicationsβ¦ @rabbigreenberg
These are called APIs⦠@rabbigreenberg
β¦ This shift to component software is the next big leap in the evolution of the software industry.β - Jeff Lawson @rabbigreenberg
Stay in Touch ben@orbit.love @rabbigreenberg @bencgreenberg @rabbigreenberg
Modern software development nowadays is often focused on the connecting of existing services together to produce something new and useful. Working with external APIs is not for the faint of heart. Whether it is navigating documentation, deciphering obscure API error messages, composing authentication credentials, or more, there are countless potential problem areas to overcome when working with APIs. Creating applications that depend on external APIs should not have to be a painful experience. In our time together, we will uncover several best practices that can make your work more productive, less painful, and more enjoyable.
for free. You
can too.