API: Designing, Security and Monitoring

 1 months ago 173 views
Presented by Danielle KAYUMBI

April 4, 2020

An Application Programming Interface (API) allows two systems to communicate with one another. A API have potential to add value to business. So understanding an API and how to measure performance is the key in capturing the potential value APIs offer.

How do we design and standardize our API ? How do we control access to our API? How do we capture metrics and handle alerts?

We will try to give solutions during this conference: designing, documentation, security, logging, monitoring.

Designing: Generally during a project, the team argues about the way the JSON responses should be formatted for the API. A specification plays a big role in this case to share conventions. The goal is to increase productivity and efficiency and focus on what matters: the application. There are many approaches to designing web API from REST, GPRC, to GRAPHQL. What is the best specification for a specific project ? What are the benefits from using a specification over another (JSON API vs JSON LD for instance) ?

Securtity: For a monolith application or microservices, we have to manage security: authentication for one or several services, maintenance of the endpoints, aggregating data,..An intuitive way on a microservices architecture is to hide services behind a new service layer also known as an API Gateway. It will help us on many points: - Protect our services with an authentication layer - restrict inbound and outbound API traffic - transform requests and responses on the fly There are many solutions for API Gateway such as KONG, Apache Knox, Amazon API Gateway,... What is the best solution for our applications ?

Logging ang Monitoring: If APIs fail, your applications fail. That's the main goal behind monitoring API. APIs are critical to a host of business operations and services, but how do you monitor the service level you are getting? There are many tools suchs as Datagod, ELK Stack, .. with can help us to define performance metrics as well a event monitoring for infrastructure and cloud services.

About Danielle
Graduated from the Sup Galilée School of Engineering in Software Engineering in 2010, and mother of 3 boys including a pair of twins, I am passionate about web technologies, including PHP language, the Symfony Framework. For 4 years I have been freelance in web development PHP 7 / Symfony 4, in parallel with my activity as General Manager of my own company, DK Wave Technology. Today I am preparing myself to pass a PHP certification and I wish to bring new ideas into the PHP community. I also had the privilege of sharing my experiences during two conferences in France: Symfony Live Paris 2019 and PHP Tour Nantes 2017. Besides development, I also love martial arts (Taekwondo) and baking from every angle.