Published on February 24, 2014
Careful - APIs Inside Testing and Monitoring for API Driven Apps Steven Willmott 3scale Inc. @njyx, @3scale
Behind (Almost) Every App is a Great API
3scale is… API Infrastructure Provider ! Power 350+ APIs ! 110,000 Developers writing Apps (Selection) ! API Tech Operations API Business Operations Developer Support 3scale.net
Apps Depend on API Backends Your App Direct Indirect Proxy Your Backend
Creates Problems Development Time Run Time OAuth Bad Docs Weird HTTP Errors Rate Limit Problems High Latency Version Changes APIs Can Waste Time Old Versions Random Failures Poor SDKs Rate Limit Failures APIs Can Kill Your App
Development Time Tools HTTP Problems • • • • ! HTTP is Easy until it’s not (Caching, Verbs, Headers, Hashes, Media Types) Use HTTP Sniffers (HTTPScoop, Fiddler) + network sniffers (e.g. Wireshark) Check & use caching headers CORS, Cross Site Problems HTTPScoop Auth Problems oAuth Libraries & Documentation • beware oAuth “variants” • Try: • oAuthbible.com • oauth.io • Other Authentication: • Try to use provided SDKs • Unit Test heavily for custom integrations • http://www.slideshare.net/synedra/demystifying-restruby
Development Time Tools Provider Problems • • • • • ! Bad Documentation: look for interactive docs (swagger active docs, iodocs, apiary) Unspeciﬁed Rate Limits (when do they kick in?) Old Versions Different Production and Test Environments Unit test mocks Pro Tip How to ask An API Provider a ! question ! ! “I was doing the following with you API, I was expecting this … to happen, to my dismay, this other thing happened instead …”(*) (* - credit Kirsten Hunter)
Active Docs http://developer.ﬂightstats.com (via 3scale)
Operations Time Tools The Old • • • • Pingdom et. al. Provide standard HTTP alerts, Webmetrics: step by step test execution primarily for SOAP APIs Nagios, Monit, Munin, SENSU etc. in your own infrastructure Splunk et. al. for log analysis. ! The New ! How to ask An API Provider a ! question ! • • • Runscope Smartbear 3scale APITools ! • ! New tools: proxy transform, step by step unit testing, authentication tests, API speciﬁc analytics ! ! ! http://www.soapui.org/Dojo/overview.html
Where is the Fun & Proﬁt? API Testing is getting easier APIs are more stable over time Mocks & Proxies Help a Lot Happy Users are More Fun & Generate More Proﬁt!
Thank You Contact: http://www.3scale.net @njyx - firstname.lastname@example.org
Careful - APIs Inside: Testing and Monitoring ... Testing and Monitoring for App Development. ... APIs Inside Testing and Monitoring for API ...
... give you access to information such as the Context of the app you are testing ... Company / developer ... specifying the API level your app ...
Why "Mobile First" development? Why does Zend believe an API ... testing and deploying ... and that PHP provides the easiest choice for the development of ...
... Unit Testing: Testing the Inside. 2: ... driven by an API ... to an application development lifecycle: Unit testing is integrated ...
If your unit test has no dependencies or only has simple dependencies on Android, you should run your test on a local development machine. This testing ...
Web App Monitoring. ... Even reuse functional tests from API testing tools like Ready! ... AlertSite enables you to monitor your APIs, ...
com.google.appengine.tools.development.testing; Class ... Configuring Remote API on an App Engine ... so be careful not to share instances ...
Mobile App Backend Services This ... testing, and monitoring mobile backend services using ... Use the Cloud Monitoring API to retrieve ...