Create Delightful SDKs with OpenAPI

A presentation at API Specifications Conference in September 2020 in by Lorna Jane Mitchell

Slide 1

Slide 1

Create Delightful SDKs from OpenAPI Lorna Mitchell, Vonage

Slide 2

Slide 2

API Descriptions … What Next? @lornajane

Slide 3

Slide 3

Share and Maintain https://github.com/Nexmo/api-specification/releases This gives developers control. In a good way. @lornajane

Slide 4

Slide 4

Start with Docs OpenAPI encourages descriptions and examples Styles are separate @lornajane

Slide 5

Slide 5

Time to First API Call @lornajane

Slide 6

Slide 6

Generated Code Generated libraries are better than nothing! If there is no library, a code generator gives a developer: • Abstracts away the HTTP handling • Simple validation (probably) • IDE autocomplete for the basic structure @lornajane

Slide 7

Slide 7

Generated Code Reduce cognitive load on your users @lornajane

Slide 8

Slide 8

How to Generate Code This example from https://openapi-generator.tech/ docker run —rm -v ${PWD}:/local openapitools/openapi-generator-cli \ generate \ -i verify.yml \ —package-name verify \ -g go \ -o /local/out/golang/verify @lornajane

Slide 9

Slide 9

Generated Code @lornajane

Slide 10

Slide 10

We Can Do Better @lornajane

Slide 11

Slide 11

SDKs Libraries are a key ingredient of Developer Experience @lornajane

Slide 12

Slide 12

About Generated Code @lornajane

Slide 13

Slide 13

Wrap Sharp Edges For example, the autocomplete example from earlier: ctx := context.withvalue( context.background(), verify.contextapikey, verify.apikey{key: client.apikey} ) result, resp, err := verifyClient.DefaultApi.VerifyRequest( ctx, “json”, client.apiSecret, number, brand, verify.VerifyRequestOpts{}) @lornajane

Slide 14

Slide 14

Wrap Sharp Edges For the user, it’s more like: auth := nexmo.CreateAuthFromKeySecret(API_KEY, API_SECRET) verifyClient := nexmo.NewVerifyClient(auth) resp, _, _ := verifyClient.Request( PHONE, “GoTest”, vonage.VerifyOpts{}) @lornajane

Slide 15

Slide 15

Auth Helpers Add creds to API request, or: auth := nexmo.CreateAuthFromKeySecret(“abcd1234”, “VeryS3cr3t”) Generate a JWT by hand, or: privateKey, _ := ioutil.ReadFile(“private.key”) auth, _ := nexmo.CreateAuthFromAppPrivateKey(“abcdef012345”, privateKey) @lornajane

Slide 16

Slide 16

Provide Escape Routes Do your own JWTs, or customise our helper privateKey, _ := ioutil.ReadFile(PATH_TO_PRIVATE_KEY_FILE) g := jwt.Generator{ ApplicationID: APPLICATION_ID, PrivateKey: privateKey, TTL: time.Minute * time.Duration(90), } g.AddPath(jwt.Path{Path: “/*/users/**”}) token, _ := g.GenerateToken() @lornajane

Slide 17

Slide 17

Security Helpers Webhooks use either signatures from shared secrets, or JWTs $signature = new \Nexmo\Client\Signature( $_GET, SIGNATURE_SECRET, ‘sha256’); // is it valid? Will be true or false $isValid = $signature->check($_GET[‘sig’]); @lornajane

Slide 18

Slide 18

Builders For example, formatting JSON structures from strongly-typed languages TalkAction intro = TalkAction.builder(“Hi! Speak after the beep”) .voiceName(VoiceName.KIMBERLY) .build(); RecordAction record = RecordAction.builder() .beepStart(true) .endOnKey(‘#’) .build() res.type(“application/json”); return new Ncco(intro, record).toJson(); @lornajane

Slide 19

Slide 19

Delightful SDKs Wrappers are the “Delight” in the “Delightful SDK” @lornajane

Slide 20

Slide 20

Go The Extra Mile For added customer delight: • Code examples, for everything • Detailed tutorials, joining up more than one piece of the puzzle For your own delight: • Download stats • Usage stats @lornajane

Slide 21

Slide 21

All APIs Deserve Delightful SDKs OpenAPI lets us focus on the best bits! @lornajane

Slide 22

Slide 22

Thanks! References: • http://spec.openapis.org/ • https://developer.nexmo.com/tools • https://openapi.tools Me: • https://lornajane.net @lornajane