Generating Swagger Specifications

Both top-down and bottom-up API development processes can be adopted to create a Swagger-enabled API.

• Top-down approach: Creates a Swagger definition using Swagger Editor and uses integrated Swagger Codegen tools to generate server implementation.

• Bottom-up approach: Uses Swagger Editor to manually generate Swagger definitions, or autogenerates Swagger definitions created using Swagger supported tools, such as JAX-RS or Node.js.

The Swagger File Structure

The Swagger-based API specification is documented in JSON or YAML format. The Swagger specifications include the following in the API interface.

• swagger: Describes Swagger specification version

• info: Shows the API’s metadata

• host: The hostname or IP serving the API

• basePath: The base path on which the API is served relative to the host

• schemes: The protocol that the API uses

• consumes: The MIME type for the API’s input data type

• produces: The MIME type for the API’s output data type

• paths: The API’s available paths and operation

• definitions: Holds the data types produced and consumed by the operation

• parameters: Describes a single operation parameter

• responses: Describes the schema of a single response of an API operation

• securityDefinitions: Describes the security mechanisms without enforcing them on the operation

• securitySchemes: Specifies the security definitions that are enforced for the API’s operation

• tags: Specifies any additional information on the API

• externalDocs: Specifies links to any additional external documentations related to the API

For more information on each of these Swagger objects, please refer to the Swagger specification at https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md .

Table 4-1 lists the various major Swagger tools available at the time of this writing. OpenAPI community is constantly generating new tools to expand the reach of Swagger for different platforms in API development.

Why RAML?

RAML designs API interfaces that are developer- and user-friendly. Using RAML, API interfaces can be designed, tested, and shared with users to get feedback without writing a single line of code. APIs can be described in a human-readable text format. Tools like API Workbench and API Designer provide visual design. The RAML construct lets you reuse libraries, code, and design patterns in the API design, which saves lot of work.

RAML code generation tools create server-side code from the spec for different languages, such as Node.js, Java, JAX-RS, .NET, Python, Mule, IoT, and others. A RAML specification can also generate test cases for the API using many of the open source and commercially available API testing tools. This takes advantage of the test- driven development approach and generates test cases than can be integrated with the continuous improvement process.

API documentation can be easily generated dynamically on the fly from RAML with tools such as API Console, RAML2HTML, API Notebook, and others. This keeps the API documentation in sync with the implementation. API definitions in RAML can integrate with other systems. Many open source and commercial tools available today can generate SDKs for different languages from RAML definitions.

Professional services such as APIMatic.io and REST United offer to generate up to two SDKs at no cost. Oracle and MuleSoft provide built-in functionality in their API management products to import the RAML definition, which automatically pulls in the API resources, methods, and other properties, thus avoiding any manual setup of API calls in these tools. With API Notebook, developers can use RAML definitions to create interactive API walk-throughs and sample use cases using simple JavaScript.

More information on API Notebook is at https://api-notebook.anypoint.mulesoft.com .

RAML Structure

This section looks at the high-level structure of a RAML-based API specification document. The detailed schema and syntax can be found in the RAML specifications document at https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md .

A RAML API specification can be structured and organized into the following sections.

• Security scheme information: Describes the basic information about the API , such as title to identify the API, its version, the baseURI to specify its network location for invocation, supported protocols, and default media type and security requirements. Any user documentation that can serve as user guide or reference documentation can also be optionally included in this section.

• Data type: The data type is used to describe any data that is passed as a parameter for the API. A parameter can be in the URI as query parameters, in the header as header parameters, or in the request/response body. The data can be described using built-in types or by a new custom type definition created using a combination of the built-in data types. The data types can be defined using XML or JSON schemas, or RAML types. These can coexist as well. For more information on the data types definitions allowed in the RAML spec, please refer to https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#raml-data-types .

• Resources: Specifies how to access the API’s resources and subresources using URIs relative to the baseURI. The resources definition should start with a slash (/). A resource defined at the root level is called the parent resource. Each parent-level resource is identified using its own URI relative to the baseURI. Each parent resource may optionally have one or more child resources defined under it. This approach builds and defines a nested hierarchy of resources. The relative URI of a resource may consist of multiple URI path fragments separated by slashes; for example, /cart/items. This approach can be used only if an individual path item is not a resource. If the path items are themselves separate resources, then they should be defined as nested subresources. These is no limit to the level of resource nesting that is allowed. Template URIs containing URI parameters can be used when the resource identifier is a variable; for example, /products/{productId}. For more information on defining resources and nested resources using RAML, refer to https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#resources-and-nested-resources .

• Method: Describes the allowed HTTP verbs and the request parameters that can be used to manipulate a resource. The HTTP verbs that can be specified are GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS. Each method can have an optional friendly name and description to describe its functionality. Any optional or mandatory HTTP headers required for a method should be specified under this section. The structure and any constraints or patterns of the header parameters that the API consumer should be aware of needs to be specified here. Similarly, any optional and mandatory query parameters to be passed as query string should also be specified. The request body for POST and PUT methods can be optionally described in this section. For more information on using method in a RAML definition, please refer to https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#methods .

• Response: Contains the schema and description of the response object received from the service for a method invocation. The response has two main sections: header and body. The header describes the possible HTTP status codes expected in the response header under various conditions. The body is optional and describes the media type and the structure of the message payload included in the response body. The structure can be defined using types defined in the data type section. For more information on the response definition, refer to https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#responses .

• Resource types and traits: Resource types and traits define reusage patterns and resources across the RAML definition. You may want to define the pattern for a HTTP header, or a query parameter, or a message payload, and then reuse it at different places within the RAML definition. A resource type is a partial definition of a resource that can specify security schemes, methods, and other properties. A resource that uses a resource type inherits its properties. A resource type can use another resource type. Traits are similar to resource types. The difference is that a trait is a partial method definition. It can be used to define method parameters, such as headers, query strings, and responses. Resources and resource types can also use and inherit from one or more traits. For more information on resource types and traits, refer to https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#resource-types-and-traits .

• Security: The API security scheme definition is specified in this section of the RAML definition. This section defines the OAuth, Basic Authentication, or Digest Authentication mechanism for API security. Any other forms of authentication can also be specified using x-<other> headers. Any headers or query parameters that pass through can also be specified in this section under the ‘passthrough’ attribute. If any API method requires a special security mechanism, it can be specified by the ‘securedBy’ attribute for that method. This overrides whichever security scheme has been applied to the API as a whole. If a method does not require any security scheme, it can be specified by the ‘securedBy’ attribute for that method with a null value. Multiple security schemes for a method can also be specified using the securedBy element with an array list of security schemes .

RAML Tools and Projects

RAML is supported by the developer community with a long list of tools and projects that address different API needs. These tools address different aspects of the API development lifecycle—from designing the API spec to sharing it with the broader community. New tools are also evolving to address newer requirements and languages. Some of the languages supported at the time of this writing are Java, JavaScript, .NET, Ruby, Node.js, Python, Go, and Haskell. This section briefly previews the most commonly used RAML tools.

• API Workbench is a tool by MuleSoft that provides a full-featured integrated development environment (IDE) that design, build, test, document, and share RESTful APIs. Using API Workbench, you can create RESTful APIs using a simple design-first approach based on RAML specifications. It supports both RAML 0.8 and RAML 1.0 versions of the specifications. This tool is based on Atom code editor developed by GitHub. The following are some of the main features of API Workbench.

  • An IDE that supports autocomplete, advanced search, live debugging, and symbol based navigation

  • Dynamic generation of API Mocking Service and API Console

  • Wizard-driven creation of API definitions based on RAML specifications

  • Automatic validation of RAML-based API definitions

  • Built-in support for integration with Git for source control and versioning

  • An integrated scripting engine and tooling for API testing and documentation

• API Designer is a tool from MuleSoft that allows a user to see real-time post-processing of their API definition. It provides three panels with areas to organize RAML files and folders, displays the contents of the document, and offers an interactive text editor. The text editor provides features such as autocomplete, export, and contextual tag lists. It also saves the API definition. For more information, please refer to https://github.com/mulesoft/api-designer .

• Restlet Studio provides a lightweight integrated development environment that can help accelerate API design. Built using Angular.js, it provides a web-based UI for API design. The following are some of the main features for Restlet Studio:

  • Visual web-based editor to define and edit API definitions for endpoint, resources, methods, and so forth.

  • The ability to group resources and representations into sections with scrollable a navigation panel helps extend support for even the most complex API definition

  • A built-in language translator switches between Swagger and RAML definitions

  • Generates server skeleton code using a built-in code generator service based on APISpark and Swagger

  • Generates client SDKs using a built-in code generator service based on APISpark and Swagger.

  • For more information on Restlet Studio, please refer to http://restlet.com/products/restlet-studio/#.

• API Notebook is another RAML tool by MuleSoft. It helps with live testing and exploring APIs . An API RAML definition can be imported into Notebook to create a client for the API, send requests, and view responses. Notebook’s autocomplete feature explores the API. Once a RAML definition for the API has been imported, the method definitions will appear in the tool-tip hints. The path segments of the API resource, separated by slashes (/), become nested JavaScript objects; for example, /my/myresource becomes {clientName}.my.myresource.

• RAML for JAX-RS provides a set of tools that generate a Java + JAX-RS-based application from a RAML API definition. It also provides roundtrip support by doing the reverse to generate a RAML API definition from an existing Java + JAX-RS definition.

• Abao provides a REST API testing tool for APIs defined using RAML. It tests the RAML definition for the API against the back-end implementation. This tool can be integrated with continuous integration (CI) tools such as Jenkins to test API documentation and keep it up-to-date. It uses the Mocha framework to test the validity of the API response. The following are some of its features:

  • Validates the API endpoint definition

  • Validates that each URL parameter defined in the RAML API spec is supported in the back-end service

  • Validates that each HTTP request and response header parameter defined in the RAML API spec is supported in the back-end service

  • Validates that the JSON schema for the request and response payload meets RAML specifications

• RAML Tools for .NET provides a Visual Studio extension for RAML-based APIs. It allows you to easily integrate and consume APIs defined using RAML and to create a new ASP .NET REST API implementation from a RAML definition using a design-first approach.

There are many other tools available as RAML projects that address the various needs of the developer community building and consuming REST APIs from a RAML definition. Based on the functionality, these tools can be primarily categorized by design, prototype, build, frameworks, test, document, share, parser, and converters. Most of the design tools provide a visual interface or plugins that can be used with other visual editors to design the RAML definition for the API. The prototype tools can be used to mockup response for APIs defined using RAML. They can test the API interface and create stubs as a replacement for the actual implementation for testing purposes. The build tools and frameworks generate the client SDK and server skeletons based on the RAML definition of various languages. This promotes the design-first approach for API development.

These tools test API documentation and implementation. They can generate test cases for APIs based on the RAML definition for the API. They validate the RAML definition against the actual implementation and thus keep the two in sync. The documentation tools create API documents in various formats; graphical API consoles, HTML, wikis, PDFs, and other formats can be shared with API consumers. The parser tools are libraries for different languages, which parse the RAML definition of the API. The converters convert the RAML to other API specification formats, such as Swagger.

Differences in RAML Specification Versions

At the time of writing , RAML has two versions: RAML 0.8 and RAML 1.0, which is in a release candidate (RC) state. RAML 1.0 provides more extensibility, code reuse, and flexibility features than the previous version. It introduces new features, such as libraries, overlays, improved security schemas, data typing, annotations, and enhanced examples.

• Libraries let you to include predefined sets of data types, resource types, security schemas, traits, and reusable assets.

• Overlays give the flexibility to include new information, such as descriptions, examples and annotations, which are defined in a different RAML file; for example:

  #%RAML 1.0
  types: !include myTypes.raml

• Security schemas have been enhanced to provide better support for OAuth 1 and 2, a new API key, and new custom security schemes.

• Data typescan be used in place of schemas and examples. The data type definition can be converted to XML or JSON format on the fly using some of the RAML tools. API designers can thus define only the data type for their input and output parameters and RAML takes care of the REST.

API Blueprint Document Structure

An API Blueprint document is structured into logical sections. For example, headers, URL parameters, and request/response can each be described in logically grouped sections. Each section is defined by predefined keywords. Depending on the section, the keyword is written either as a Markdown header entity or a list item entity. The following are the reserved keywords for defining the header and list entities in an API Blueprint document:

• Header keywords

  • Group

  • Data structure

  • HTTP methods

  • URI templates

  • Combination of HTTP methods and URI templates

• List keywords

  • Request

  • Response

  • Body

  • Schema

  • Model

  • Header and headers

  • Parameter and parameters

  • Values

  • Attribute and attributes

  • Relation

At a high level, the API Blueprint description for a REST API is organized in the following structure:

• Metadatadescribes the version of the API Blueprint specification used for documenting the API interface. It also contains the API name and a brief description.

• Resource and resource group describe the resources and the group of related resources used by the API. For example, in an online shopping experience, a customer may have one or more orders. So orders is defined as a resource group; within this group there can be a resource that returns a collection of orders.

  • Actions describe the operations that can be performed on a resource. It is specified using one of the HTTP verbs within square brackets.

• URI templates specify the variable parameters in the URI; for example, an order may be identified using an order ID. So to get the details of a specific order, you specify it using /orders/{order_id}.

  • URI parameters describe the variables being passed in a request URI or as a query parameter; for example, /path/to/resources/{varone}?path=test{&vartwo,varthree}.

For more information on each of these keywords, please refer to the API Blueprint Specification document in GitHub at https://github.com/apiaryio/api-blueprint/blob/master/API%20Blueprint%20Specification.md#def-api-blueprint-language .

API Blueprint Tools

The API Blueprint spec is supported by a good number of tools. This section discusses some of the most commonly used API Blueprint tools.

• Apiary.ioprovides a comprehensive tool that supports collaborative design, creation of API mockups, automated testing, autogeneration of interactive API documentations, API traffic inspection, and more.

• Dreddis an HTTP API testing tool. It is a command-line tool that can be used to test the API documentation written in API Blueprint against the back-end implementation. This tool can be integrated with CI tools to ensure that API documentations are always up-to-date.

• Drakovprovides a Node.js implementation of a mock server for APIs written using API Blueprint.

There are many other open source tools that support the API Blueprint format for SDK generations. They have various language formats, testing API interfaces, and plugins for API test clients; they can also convert API definitions from other formats to API Blueprint and vice versa. Since API Blueprint and its tools are open source, they can be freely integrated with all kinds of products to extend support for API Blueprint.