Professional Documents
Culture Documents
The Evolution of APIs From The Cloud Age and Beyond
The Evolution of APIs From The Cloud Age and Beyond
The Evolution of APIs From The Cloud Age and Beyond
ebook
1
The Evolution of APIs: From the Cloud Age and Beyond
Content
2
The Evolution of APIs: From the Cloud Age and Beyond
In this Part Two of our series on the evolution of APIs, we pick up where
we left off from Part One— The Evolution of APIs: From RPC to SOAP
and XML— considering how the shape and development of APIs has
changed as we enter the cloud age of the internet.
At the end of Part One in this series, we saw how web APIs
communicate via SOAP/XML over the HTTP protocol.
RESTful APIs
3
The Evolution of APIs: From the Cloud Age and Beyond
• Stateless: The API server will not host any session or state details
about a client request. As far as the API is concerned, each
request is new. This is the default behavior of HTTP requests. The
responsibility for managing the state information lies entirely with
the client.
4
The Evolution of APIs: From the Cloud Age and Beyond
• Layered system: The interaction between the client and the server
can be enabled through other auxiliary services.
• Plaintext
• HTML
• YAML
• XML
• JSON
5
The Evolution of APIs: From the Cloud Age and Beyond
JSON
[
{
"firstname": "John",
"lastname": "doe",
"email": "john.doe@email.com",
"phone": "111-222-3333"
},
{
"firstname": "Jane",
"lastname": "Bloggs",
"email": "jblogg@anotheremail.com",
"phone": "222-333-4444"
}
]
OpenAPI
1. The API endpoints and the HTTP methods to access them. The
OpenAPI document specifies the input parameters for each
method and the possible HTTP response codes.
2. Reusable components within the API.
3. API metadata such as the title, version, description, and
other information.
6
The Evolution of APIs: From the Cloud Age and Beyond
gRPC
While RESTful APIs typically use HTTP as a communication protocol, the
newer version of the protocol, HTTP/2, came out in 2015. At the same
time, Google introduced another framework for APIs, gRPC, which used
HTTP/2.
In Part One, we discussed how Remote Procedure Call (RPC) was one
of the earliest means of communication between applications running
on remote machines. gRPC is a framework for creating RPC-based
APIs. gRPC is based on RPC but takes it a step further by adding
interoperability with HTTP/2.
Since it’s based on RPC, a gRPC client can directly call a service method
on a gRPC server—whether the server is remote or local. The gRPC
server implements the service interface, consisting of its methods and
parameters and the returned data types, and answers client calls.
7
The Evolution of APIs: From the Cloud Age and Beyond
GraphQL
Originally developed by Facebook for its mobile applications in 2012 and
open sourced in 2015, GraphQL is a query language and runtime that
allows users to query APIs to return the exact data they need. Clients
make multiple calls for data with different parameters appended to the
URL in a typical RESTful API. In contrast, GraphQL allows developers to
create queries that can fetch all (and only) the data needed from multiple
sources in a single call.
Developers create GraphQL schemas to include all the data fields an API
query can ask for. When a client application queries a GraphQL API, the
query is matched against the schema. If the fields requested exist and
match, then the API returns the result.
Message Queues
8
The Evolution of APIs: From the Cloud Age and Beyond
To alleviate this, API A can send its message to a message queue for
API B and then continue with its work. API B can poll the message
queue periodically to see if there are any messages for it. When it
finds the message from API A, it fetches the message, performs the
requested function, and returns the result. To make API B loosely
coupled, it can also use another queue and send the result there.
9
The Evolution of APIs: From the Cloud Age and Beyond
API Middleware
This design ensures that changes to the API integration logic only
need to happen in one place and that the APIs themselves can be
managed independently.
Fine-grained APIs
10
The Evolution of APIs: From the Cloud Age and Beyond
11
The Evolution of APIs: From the Cloud Age and Beyond
Microservices
Microservices are both the name of a specific type of software
implementation and a software design architecture. In short,
microservices allow a complex application to be broken down into
several small, independent “services.” These services are nothing more
than software programs—much like the subroutines, functions, or web
service APIs we have covered thus far.
12
The Evolution of APIs: From the Cloud Age and Beyond
Serverless Functions
13
The Evolution of APIs: From the Cloud Age and Beyond
Behind the scenes, the code does run on some server somewhere, but
those details are opaque to the developer. As far as the developer is
concerned, there’s no server involved—it’s serverless.
Platform Independence
At the beginning of the cloud age, there was an early rush to port
everything to the cloud. That impulse has now given way to more
mature organizational thinking. Many larger enterprises are deciding
to keep their on-premise network, often adopting a hybrid-cloud or
multi-cloud model. With the multi-cloud model, an organization has
its IT assets spread across a private cloud and multiple public cloud
tenancies.
This sprawl means microservices and their APIs are now also multi-
tenant. An application can span across the data center and multiple
public clouds. Services could be running on physical machines, virtual
servers both on-premise and in the cloud, Docker containers running in
Kubernetes pods, or as serverless entities.
These services can connect using direct links, VPNs, and trusted
virtual private clouds (VPCs) at a physical level. However, there is also
overhead. For example:
• The network that glues all the services together may be slow or
have unpredictable performance.
• Even when services are loosely coupled, they still need
a reliable way to communicate. Building highly available,
intelligent routing mechanisms for service communication is a
complex undertaking.
14
The Evolution of APIs: From the Cloud Age and Beyond
Service Mesh
A service mesh is a dedicated infrastructure layer built into an
application to enable its microservices to communicate using proxies.
A service mesh takes the service-to-service communication logic from
the microservice’s code and moves it to its network proxy.
The proxy runs in the same infrastructure layer as the service and
handles the message routing to other services. This proxy is often called
a sidecar because it runs side-by-side with service. The interconnected
sidecar proxies from many microservices create the mesh.
15
The Evolution of APIs: From the Cloud Age and Beyond
• Observability: The logs and metrics from a mesh can quickly show
if the services are communicating without any issues.
• Secure connection: Risk is minimized as proxies connect securely.
• Automated failover: The mesh automates retries and backoffs for
failed services.
A great example of the API economy is travel sites that allow you to
search, compare, book, and pay for travel arrangements. There are
thousands of operators in the travel industry, and many offer their
information through APIs. Travel sites use these APIs to get their data,
but the end-user is unaware of it.
However, the API economy also raises concerns about security and
performance, which we will see in the next and final chapter.
16
The Evolution of APIs: From the Cloud Age and Beyond
Web 3.0 (originally called the “Semantic Web” by Tim Berners-Lee) is the
Web that will dominate tomorrow. Web 3.0 has yet to receive a precise
definition, but most people agree on some standard features.
The web we know today will become more accessible than ever. Today,
the web is mostly used through computers and mobile devices. In Web
3.0, the internet will be accessible by smart devices that are internet-
ready and can search, consume, process, and share information just like
phones and laptops do today.
17
The Evolution of APIs: From the Cloud Age and Beyond
Another feature will be video giving way to virtual reality (VR) and
augmented reality (AR) applications. Everything from surgery to
education will be affected by the rich 3D graphics of these technologies.
This leaves us with the following question: How will APIs look in Web
3.0? The answer is: Most likely, APIs will be event-driven.
Event-driven APIs
The traditional approach to consuming an API has been request-response.
Applications send an API query, and the API sends back a result.
18
The Evolution of APIs: From the Cloud Age and Beyond
19
The Evolution of APIs: From the Cloud Age and Beyond
Blockchain
Thanks to well-known cryptocurrencies like Bitcoin or Ethereum,
blockchain technology is increasingly being used for other
distributed transaction-based workloads. Blockchain is a distributed
ledger of transactions based on trust and verification. Each
transaction in the blockchain is immutable and is open to all nodes
in the network.
Artificial Intelligence
Artificial Intelligence (AI) allows human-programmed applications
to observe and learn from event data patterns, making autonomous
decisions for the program’s execution path based on that observation.
Cloud providers now offer several advanced AI-enabled APIs for
developing cognitive applications. Examples of these services
include natural language processing (NLP), face recognition, and
video analysis. Using these services’ APIs significantly reduces
development time as the cloud product does most of the heavy lifting.
20
The Evolution of APIs: From the Cloud Age and Beyond
IoT
Internet-of-Things (IoT) are physical devices connected over a
network that can create, collect, and share data with other devices
over the internet.
APIs for IoT are the glue that sits between heterogeneous devices
and the applications that use them. Typical examples of IoT APIs can
be seen in app-controlled devices like personal fitness trackers, lights,
alarms, and more. These devices capture information and send that
over the internet to the manufacturer’s backend system.
21
The Evolution of APIs: From the Cloud Age and Beyond
API Linting
APIOps
22
The Evolution of APIs: From the Cloud Age and Beyond
Securing APIs
Like any computing resource, APIs are also the target of malicious
attacks, and their potential vulnerabilities include:
• Using shadow code (third-party code that has not been checked
for security threats)
• Using out-of-date code libraries
• Using poor firewall or API gateway configurations
23
The Evolution of APIs: From the Cloud Age and Beyond
The list is not exhaustive, but the main takeaway here is this: securing
APIs isn’t just one team’s responsibility. Everyone involved in the
design, development, testing, and deployment should be part of the
security initiative.
Environment Independence
Despite the wide adoption of cloud technologies and containerized
applications, traditional infrastructure isn’t going away any time soon.
Organizations will be running their workloads in physical servers,
multiple clouds, virtual machines, containers, and even serverless
platforms—side-by-side and for some time to come.
24
The Evolution of APIs: From the Cloud Age and Beyond
Final Words
We have been on a journey. In this second part of our two-part
eBook tracing the evolution of APIs, we’ve looked in particular
at APIs during this modern cloud age. We considered RESTful
APIs and the recent explosion of microservices development. As
today’s software applications have evolved to comprise a mesh of
globally distributed APIs, the need for robust, secure, and seamless
connectivity is apparent.
We hope that this eBook has given you perspective about the history
of APIs and how they have changed in shape over the years. If
you are developing APIs, you can consider the extensive suite of
application solutions from Kong, a Gartner Magic Quadrant Leader
for Full Lifecycle API Management. To learn more, talk to one of our
API experts.
25
Konghq.com
Kong Inc.
contact@konghq.com