5 Anti-Patterns in Api Design - NDC London 2016

API DESIGN
5 Anti-Patterns
in
Ali
@aliostadKheyrollahi

W iiiiiiire Wiie
5 Anti-PatternsWho Are WeASOS
ASOS is a global fashion
destination for 20-somethings.
From fashion advice, stories
and inspiration, to more than
80,000 products available to
buy on any device, ASOS, with
its unbeatable service, is a true
home for fashion lovers.

5 Anti-PatternsIn NumbersASOS
~1 bln Turnover (£)
1.1 bln visits / year
9.9 mln Active customers
58% International
3.7 M
3.3 M
2.4 M
885 K

API, API . . .
. . . everywhere

API Iceberg
“This huge mass underneath the water that you can't see,
the private API, is the biggest part of the whole
opportunity.”
Daniel Jacobson, Netflix - 2011

@aliostad
Micro services
“ … the microservice architectural style is an
approach to developing a single application as a
suite of small services, each running in its own
process and communicating with lightweight
mechanisms, often an HTTP resource API”
Martin Fowler - Bliki

@aliostad
Resources and
representations
REST Uniform Interface
S e l f - d e s c r i p t i v e
messages
Hypermedia

@aliostad
HTTP Client-Server
GET /api/catalogue/products/123456
GET /api/catalogue/Products/123456
S e r v e r C o n c e r n

@aliostad
HTTP Client-Server
301 Moved Permanently
Location /api/catalogue/products/123456
C l i e n t C o n c e r n
???
1
2

@aliostad
HTTP Client-Server
M i x e d C o n c e r n
200 OK
max-age: 300
If-Modified-Since: Fri, 15 Jan 2016 10:28:16 GMT
304 Not Modified

@aliostad
Client-Server Boundary
Boundary

@aliostad
CSDS Client-Server Domain Separation
“ Client and server must
deﬁne and live within their
own bounded context ”

S e r v e r

5 Anti-Patterns in Api Design - NDC London 2016

@aliostad
C l i e n t
Can be a server itself1
2 Uses services of server(s) to bring value to end-user (directly or indirectly)
3 Free to take dependency on Server’s public domain (Resource Comprehension)
Normally keeps state but does not master it4

Anti-Pattern Transparent Server
1

“server exposes its
internal implementation
to its clients”
server's private domain or the domain of its
underlying dependencies bleeds into its
public API

@aliostad
E x a m p l e 1

E x a m p l e 2
Always for a customer1
2 Only for customers currently shopping
3 Get expired after inactivity
A couple of tables or
a document database
4 Max one basket per customer

@aliostad
E x a m p l e 2
POST /baskets?cid=908
201 Created
Location: /baskets/123435455456
POST /baskets/123435455456{...}
200 OK
x

@aliostad
E x a m p l e 2
POST customer/me/basket
{…}
200 OK
✓

Anti-Pattern Chauvinist Server
2

“designing the API from
server's perspective”
Server pushes its thinking and process
to the client
resulting in the client becoming
a subordinate

@aliostad
H A T E O A S(and not hypermedia itself)
Hypermedia
as the Engine
of Application (state)

H A T E O A S
Client most likely a server [wasteful to navigate]2
3 Client uses more than one server
6 Microservices: servers smaller, containing a couple of resources
4 Undeﬁned caching directives for hypermedia
Server hasn’t got a clue what the application is1
5 Don’t try to spare the client composing URLs

H A T E O A S?
R e a l l y ? ?

Anti-Pattern Demanding Client
3

“client enforces its special
needs onto the API
signature”
certain clients limitations (or reluctance to
implement) become server's default behaviour

@aliostad
GET /api/catalogue/products.xml
GET /api/catalogue/products.json
GET /api/catalogue/products?format=xml
GET /api/catalogue/products?format=json
x
E x a m p l e 1
Bioenergy KDF
REST API

@aliostad
GET /api/catalogue/products
Accept: application/json
E x a m p l e 1
✓

@aliostad
E x a m p l e 2
GET /api/catalogue/products?client=mobile
GET /api/catalogue/products?model=summary
x

@aliostad
E x a m p l e 2
✓GET /api/catalogue/products?fields=foo,bar,jazz
GET /api/catalogue/products_summary

Anti-Pattern Assuming Server
4

“server assumes the role of
deﬁning client experience”
server makes decisions on issues that are
inherently client concerns

@aliostad
E x a m p l e 1
GET /api/catalogue/products/pages/1
GET /api/catalogue/products/pages/2
x

E x a m p l e 1
GET /api/catalogue/products?from=1&count=30
✓
GET /api/catalogue/products?offset=1&limit=30

E x a m p l e 2
B r o w s e r
s n i f f i n g

Anti-Pattern Presumptuous Client
5

“client takes on responsibilities
that cannot fulﬁl”
Client presumes it can fulﬁl some
responsibilities that are inherently server’s

E x a m p l e s
A P I
Identity

E x a m p l e s
I D S E R V E R
Long Expiry Token
ID Request
A P I
Token

E x a m p l e s
I D S E R V E R
ID Token
ID Request
A P I
Access TokenAccess Token
. . .
ID Token
✓

@aliostad
E x a m p l e s
Client act as an authority for authentication or authorisation1
2 Client implements an algorithm that needs to be centralised on server
3 Client takes control of cache invalidation

@aliostad
Microservices take importance of APIs to a new level1
2 Think of your API as a restaurant and remember the contrast with kitchen
3 Transparent Server: Exposing internals
Re Cap
4 Chauvinist Server: Client becoming a subordinate
5 Demanding Client: Client enforcing special needs to API signature
6 Assuming Server: Server deciding client experience
7 Presumptuous Client: Client taking responsibilities cannot fulﬁl

Thank You
@aliostad
http://byterot.blogspot.com

5 Anti-Patterns in Api Design - NDC London 2016

More Related Content

Viewers also liked (7)

Similar to 5 Anti-Patterns in Api Design - NDC London 2016 (20)

More from Ali Kheyrollahi (11)

Recently uploaded (20)

5 Anti-Patterns in Api Design - NDC London 2016