Since the early days of Optic, there's always been this tension between inferring API specifications from traffic (how we got our start), and teams wanting more mature "design-first" workflows.
Documenting your software is as important as developing your software. With maintenance making up 50–70 percent of a system's cost over its lifetime, it's important to be efficient and clear about how the software was built and how it behaves. If human beings are going to maintain the application, you must document your software.
However, it's a tedious and constantly evolving process, which means you need to always make changes to the documentation each time you make a change to your software codebase. But what if you don't have to worry so much about editing multiple documentation files each time you update your code? What if you could just focus on writing great code?
Documentation is one of the most important steps in building out an API. A good developer experience requires easy-to-use API documentation containing detailed instructions for navigating a given API endpoint.
I'm a big believer that the order you read a set of books can matter more than the books you read. When different ideas and perspectives mix into a savory synapse soup -- good things happen. That was my last 10 days. I've gotten to talk to some amazing people about the history of Swagger/OpenAPI (history matters), why API Specifications matter, and the problems we face building and scaling tools across the wider API Community.
My brain was overloading, so I sat down and did a talk:
Watch the Talk
According to Gallup, my top strength is Learner. That’s probably the reason I got into software development over two decades ago. Technology changes so quickly, there’s always something new to learn.
Java was the first real programming language I used back then. At the time, it had been around for about three years and was still very immature. But all this time, there’s something that I have always remembered and appreciated about Java: its exceptional API documentation. It was easy to understand, the examples were useful, and it was usually all I needed to solve any problem.
Good API documentation shouldn’t be exceptional, but it is. And it’s important.
Design First is a practice that encourages us to design any API change before writing the code code. The goal is to do the upfront work to produce better API changes. Design First is normally done by modifying an OpenAPI document first and then using that change as guidance on what to develop.
But Design First is a small piece to the larger API development process. There are more practices and patterns we need in order to make design a cornerstone to building good APIs.
When taken alone, Design First seems to imply that the process is linear—first there's the design, then development, then deployment. But design doesn't work this way. Design is something we're always doing, even when writing code.
What then are the practices we need to add into our Design First workflows that makes Design First work?
I’m new around here, and my first post is about something I really love… code that makes life easier!
To begin with Optic's CLI is ridiculously easy to start using within your application, you simply head to the root of your directory and run
api init, configure your
.optic.yaml to wrap your application start command, and tada you’ve started gathering data about your API endpoints by just using them. Super simple and great right? To look at the full process and implement it yourself, please check out our documentation.
But what happens when you can’t do that? Plenty of instances exist where it’s very complex to work in a team and wrap the command that starts your application. What happens when you use feature flags on that command, or you have to make operating system specific changes, or your API testing is done entirely internally and doesn't hit the network?
Code reviews are an essential part of any high-quality software development process. A thorough code review can prevent bugs and regressions from slipping into production, improve code quality and consistency, and ensure your team knows about important changes before they go live.
While looking at code can help you find flaws in your logic, it's notoriously hard to trace changes through your application to see how they might actually affect your API.
Application Programming Interface (API) testing is more complicated than testing a single-host application. Single-host applications can often be covered by unit and integration tests, but an API functions only if there is a both requester and a respondent. To fully test your API, you have to think about testing the application from both of these perspectives.
Testing the API from the perspective of the requester means testing authentication, data accuracy, data formatting, overall consistency, and relevance of available documentation. The respondent needs unit tests for the components it uses and the data transformations it makes. It also needs to ensure it can both handle properly formulated requests and reject requests that are malformed or maliciously formed. You also need to test the connection to the data layer to ensure that whatever source the API draws from is accessible and understandable. This article will go into more detail about the tools and best methods for effectively testing your API.
I've worked on two different products that provided API design guide tooling. The idea for both was the same—provide a tool that helps companies design consistent APIs and helps communicate good design patterns to all of their developers.
It's common for a company to take inventory of their APIs and see lots of inconsistency. One API uses camel case while another uses snake case. One puts the version in the URL, another doesn't. These companies try to address this by putting together their own set of API guidelines and adopting tools that help them apply these guidelines to their APIs during the development process. This is where our design guide tooling came in.
Design guide tooling—which goes by names like style guide, standardization, governance, and linting—allows people to express guidelines in code and apply those guidelines to an OpenAPI document. Imagine a rule that makes sure every API endpoint requires authentication and returns a 403 when not provided. When a rule like this fails, the tools can prevent the teams from merging the code until they resolve the issue. It’s a big win for scaling an API strategy across many teams.
But there's always been a nagging feeling something is missing.