Most organizations with a web presence build and operate APIs; the doorway for customers to interact with the company's services. Designing, building, and managing these critical programs affect everyone in the organization, from engineers and product owners to C-suite executives. But the real challenge for developers and solution architects is creating an API platform from the ground up.

With this practical book, you'll learn strategies for building and testing REST APIs that use API gateways to combine offerings at the microservice level. Authors James Gough, Daniel Bryant, and Matthew Auburn demonstrate how simple additions to this infrastructure can help engineers and organizations migrate to the cloud; and open the opportunity to connect internal services using technologies like a service mesh.

  • Learn API fundamentals and architectural patterns for building an API platform
  • Explore evolving trends such as asynchronous and streaming APIs
  • Help drive your API program by performing an informed architectural role
  • Build and configure key components of an API platform
  • Deploy gateways and service meshes based on case studies
  • Understand core security and vulnerabilities in API architecture
  • Secure data and services using OAuth 2.0, TLS, and web application firewalls

Table of Contents

  1. 1. API Architecture Primer
    1. A Brief Introduction to APIs and Microservices Based Architecture
    2. Traffic Patterns: API Consumption From All Cardinal Points
    3. North-South Ingress Traffic
    4. East-West Service-to-Service Traffic
    5. Traffic Patterns and Traffic Management
    6. Different Types of API
    7. API Architecture Taxonomy
    8. Core Concepts
    9. The Open Systems Interconnection (OSI) Networking Model
    10. Control Planes and Data Planes
    11. Sidecar Pattern
    12. Evolving Architecture
    13. API Architecture Toolbox
    14. Architecture Decision Records (ADR)
    15. C4 Model
    16. Conference System Example
    17. Structurizr Tool
    18. Summary
  2. 2. Defining Rest APIs and Alternative API Approaches
    1. Introduction to REST
    2. The Richardson Maturity Model
    3. REST API Standards and Structure
    4. Collections and Pagination
    5. Filtering Collections
    6. Updating Data
    7. Error Handling
    8. Checklist: Choosing an API Standard
    9. Specifying REST APIs
    10. OpenAPI Specification Structure
    11. Visualizing OpenAPI Specifications
    12. Practical Application of OpenAPI Specifications
    13. Code Generation
    14. OpenAPI Validation
    15. Examples and Mocking
    16. Detecting Changes
    17. API Versioning
    18. Semantic Versioning
    19. API Lifecycle
    20. OpenAPI Specification and Versioning
    21. Alternative API Formats
    22. Remote Procedure Call (RPC)
    23. Implementing RPC with gRPC
    24. GraphQL
    25. Exchanges and Choosing an API Format
    26. High Traffic Services
    27. Large Exchange Payloads
    28. HTTP/2 Performance Benefits
    29. Vintage Formats
    30. Performance Testing Exchanges
    31. Checklist: Modelling Exchanges
    32. Multiple Specifications
    33. The Golden Specification
    34. Challenges of Combined Specifications
    35. Summary
  3. 3. Testing APIs
    1. Scenario for this chapter
    2. The Testing Quadrant
    3. The Testing Pyramid
    4. Unit Testing
    5. Test Driven Development
    6. Classicist and Mockist
    7. Service Testing
    8. Component tests
    9. Integration tests
    10. Introduction to Testcontainers
    11. Other dockerized services
    12. Service testing Summary
    13. UI Testing
    14. Subcutaneous Tests
    15. Behavior Driven Development
    16. UI test summary
    17. Testing during the building of your application
    18. Can you test too much?
    19. Summary
  4. 4. API Gateways
    1. What Is an API Gateway?
    2. What Functionality Does an API Gateway Provide?
    3. Where Is an API Gateway Deployed?
    4. How Does an API Gateway Integrate with a Typical Edge Stack?
    5. Why Use an API Gateway?
    6. Reduce Coupling: Adapter / Facade Between Front Ends and Back Ends
    7. Simplify Consumption: Aggregating / Translating Back End Services
    8. Protect APIs from Overuse and Abuse: Threat Detection and Mitigation
    9. Understand How APIs Are Being Consumed: Observability
    10. Manage APIs as Products: API Lifecycle Management
    11. Monetize APIs: Account Management, Billing, and Payment
    12. A Modern History of API Gateways
    13. Late 1990s: Hardware Load Balancers
    14. Early 2000s: Software Load Balancers
    15. Mid 2000s: Application Delivery Controllers
    16. Early 2010s: First Generation API Gateways
    17. 2015 Onwards: Second Generation API Gateways
    18. Coda (2017 Onwards): Service Mesh and/or API Gateway?
    19. Current API Gateway Taxonomy
    20. Traditional Enterprise Gateways
    21. Micro/Microservices Gateways
    22. Service Mesh Gateways
    23. Comparing API Gateway Types
    24. Deploying API Gateways: Understanding and Managing Failure
    25. API Gateway as a Single Point of Failure
    26. Detecting Problems
    27. Resolving Incidents and Issues
    28. Mitigating Risks
    29. API Gateway Antipatterns: Mixing Traffic Patterns
    30. API Gateway Loopback: “Service Mesh Lite”
    31. API Gateway as an ESB: Egregious Spaghetti Boxes?
    32. Turtles (API Gateways) All the Way Down
    33. Selecting an API Gateway
    34. Identifying Requirements
    35. Exploring Constraints: Team, Technologies, and Roadmap
    36. Build Versus Buy
    37. Radars, Quadrants, and Trend Reports
    38. API Gateway: A Type 1 Decision
    39. Checklist: Selecting an API Gateway
    40. Summary