i love apis 2015: advanced crash course in apigee edge workshop
TRANSCRIPT
1
Crash Course: Advanced Topics in Apigee Edge!
©2015 Apigee Corp. All Rights Reserved.
The Team
3
Deep Dive 3-legged OAuth 2.0!Alex Koo – Apigee Principal Architect
Diego Zuluaga – Apigee Principal Architect
©2015 Apigee Corp. All Rights Reserved.
So, what’s the use case for it?
4
do I want to give access to these these resources
to someone else?
Essentially: How to authorize external applications to access your resources
©2015 Apigee Corp. All Rights Reserved.
OAuth Basic Concepts
• OAuth 2.0 is a protocol that allows clients to grant access to server resources to another entity without sharing credentials
• Client IDs and Secrets are used to identify and authenticate applications (application's consumer key and consumer secret)
• Tokens are issued to allow access to specific resources for a specified period of time and may be revoked by the user that granted permission or by the server that issued the token
©2015 Apigee Corp. All Rights Reserved.
OAuth Basic Concepts
• We can use scopes to limit the access for a given token, granting permission only for the operations that are necessary
• Five different grant types specify the different authentication usage scenarios OAuth supports
• We must protect tokens, and OAuth 2.0 requires that all API traffic be sent via SSL
©2015 Apigee Corp. All Rights Reserved.
Access Tokens Access Tokens allow access to a protected resource for a specific application to perform only certain actions for a limited period of time.
Identification info from the requesting application (client ID and secret)
+ Resource owner credentials (if needed)
+ Optional information about what the application wants to do with the resource (scope)
= Access Token and (optional) refresh token
In Apigee, access tokens are opaque strings with no encoded meaning. Access tokens are passed as bearer tokens in an Authorization header.
©2015 Apigee Corp. All Rights Reserved.
Refresh Tokens Refresh Tokens, if provided, represent a limited right to reauthorize the granted access by obtaining new access tokens.
Identification info from the requesting application (client ID and secret)
+ Refresh token
+ Optional information about what the application wants to do with the resource (scope)
= Access Token
©2015 Apigee Corp. All Rights Reserved.
Scopes Scopes identify what an application can do with the resources to which it is requesting access. Scope names are defined by the authorization server and are associated with information that enables decisions on whether a given API request is allowed or not.
Scope 1: “READ” ● GET /photos
● GET /photos/{id}
Scope 2: “UPDATE” ● GET /photos
● GET /photos/{id}
● POST /photos
● PUT /photos/{id}
Apigee associates scope names to be matched with a combination of API resource path and verb. So, for example:
When an application requests an access token, the scope names are optional.
©2015 Apigee Corp. All Rights Reserved.
OAuth 2.0 Grant Types
Grant Type Typical Use Case Complex?
No specific resource owner is involved
Client Credentials Business system interactions, where resources being operated on are owned by the partner, not a particular user
No
A specific resource owner is involved
Resource Owner Password Credentials
Resources are owned by a particular user and the requesting application is trusted
A bit
Authorization Code
Resources are owned by a particular user and the requesting application is untrusted
Very
Implicit Resources are owned by a particular user, and the requesting application is an untrusted browser-based app written in a scripting language such as JavaScript
Very, and potentially insecure as well
Refresh For generating a new access token. Refresh tokens have longer TTLs than access tokens.
No
An OAuth Grant is a credential representing the resource owner’s authorization. More often than not, we tend to think of grants in terms of the process used to obtain an access token.
©2015 Apigee Corp. All Rights Reserved. 13
OAuth 2.0 Auth Code Grant Type
©2015 Apigee Corp. All Rights Reserved. 14
©2015 Apigee Corp. All Rights Reserved.
Before we get started… 1. Open an Account in Cloud9 - it’s free…
https://c9.io
2. Start by cloning this Apigee Samples Repo
git clone https://github.com/apigee/api-platform-samples.git
– https://github.com/apigee/api-platform-samples • Login App • Third-party App • OAuth 2.0 API • User Authentication/Management Endpoint
3. Install apigeetool npm install apigeetool -g
Let’s dissect our API Proxy Bundles
©2015 Apigee Corp. All Rights Reserved.
webserver-app bundle • Represents the third-party web app • Link or button to the login page
$ curl http://testmyapi-‐test.apigee.net/web -‐v > GET /web HTTP/1.1 > Host: testmyapi-‐test.apigee.net < HTTP/1.1 200 OK <!DOCTYPE html> <html> <head> <script> var BASEURL="https://testmyapi-‐test.apigee.net"; var REDIRECT="https://testmyapi-‐test.apigee.net/web/callback"; var CLIENT_ID="VXNYaci4FGfKfEERy5KhXHeIln2pONDr"; function login() { window.location.href=BASEURL+'/loginapp/login?apikey='+CLIENT_ID+'&redirect_uri='+REDIRECT+'&scope=order&state=123'; } </script> </head> <body> <input type="button" value="Login with Apigee Example Auth" onclick="login()" /> </body> </html>
©2015 Apigee Corp. All Rights Reserved.
login-app bundle • Represents the login-app - login page:
curl https://testmyapi-‐test.apigee.net/loginapp/login\?apikey\=VXNYaci4FGfKfEERy5KhXHeIln2pONDr\&redirect_uri\=https://testmyapi-‐test.apigee.net/web/callback\&scope\=order\&state\=123 -‐v > GET < HTTP/1.1 200 OK < set-‐cookie: sid=s%3AiHGIrOYTOfGwncJNV03Typkeb6rYAB6V.8GGzrvr4JTHZV6l%2FUo2oKqBgCHuNGbrvE8uulbXvjW8; Path=/; Expires=Mon, 05 Oct 2015 01:45:46 GMT; HttpOnly <!DOCTYPE html> <html> <head> <title>Login</title> <link rel="stylesheet" type="text/css" href="/loginapp/stylesheets/global.css" > <meta name="viewport" content="width=device-‐width, initial-‐scale=1, maximum-‐scale=1, user-‐scalable=no"> </head> <body> <form id="login" name="login" method="post"> <h1><img src="/loginapp/images/apigee_logo_md.png" alt="Apigee" /></h1> <label for="username" class="noshow">Username</label> <input id="username" name="username" type="text" placeholder="Email address" required /> <label for="password" class="noshow">Password</label> <input id="password" name="password" type="password" placeholder="Password" required /> <input name="submit" type="submit" value="Login" /> <p class="intro">or <a href="/loginapp/register?apikey=VXNYaci4FGfKfEERy5KhXHeIln2pONDr&state=123&scope=order&redirect_uri=https%3A%2F%2Ftestmyapi-‐test.apigee.net%2Fweb%2Fcallback">register</a>.</p> </form> </body> * Connection #0 to host testmyapi-‐test.apigee.net left intact </html>
©2015 Apigee Corp. All Rights Reserved.
login-app bundle • Represents the login-app - submit credentials:
$ curl 'https://testmyapi-‐test.apigee.net/loginapp/login?apikey=VXNYaci4FGfKfEERy5KhXHeIln2pONDr&state=123&scope=order&redirect_uri=https%3A%2F%2Ftestmyapi-‐test.apigee.net%2Fweb%2Fcallback&app=oauth2-‐app' -‐H 'Cookie: __lc.visitor_id.3296802=S1436475468.3abaac467f; sid=s%3ARL8HY7b7IqporrtwlLUi8-‐E5uX4YkAY4.yxUe2oPoukTxjwhoHdhz%2B8k9A9ghfsu7B%2Ft2rWuF8Og' -‐H 'Content-‐Type: application/x-‐www-‐form-‐urlencoded' -‐-‐data 'username=dzuluaga%40apigee.com&password=apigee123&submit=Login' -‐-‐compressed -‐v > POST /loginapp/login?apikey=VXNYaci4FGfKfEERy5KhXHeIln2pONDr&state=123&scope=order&redirect_uri=https%3A%2F%2Ftestmyapi-‐test.apigee.net%2Fweb%2Fcallback&app=oauth2-‐app HTTP/1.1 > Host: testmyapi-‐test.apigee.net > User-‐Agent: curl/7.42.1 > Accept: */* > Accept-‐Encoding: deflate, gzip > Cookie: __lc.visitor_id.3296802=S1436475468.3abaac467f; sid=s%3ARL8HY7b7IqporrtwlLUi8-‐E5uX4YkAY4.yxUe2oPoukTxjwhoHdhz%2B8k9A9ghfsu7B%2Ft2rWuF8Og > Content-‐Type: application/x-‐www-‐form-‐urlencoded > Content-‐Length: 62 > * upload completely sent off: 62 out of 62 bytes < HTTP/1.1 302 Found < X-‐Powered-‐By: Express < Location: /loginapp/consent?apikey=VXNYaci4FGfKfEERy5KhXHeIln2pONDr&app=oauth2-‐app&state=123&scope=order&redirect_uri=https%3A%2F%2Ftestmyapi-‐test.apigee.net%2Fweb%2Fcallback < set-‐cookie: sid=s%3AbigsdjFYyAfyuFg7Jk-‐HgcVkojwLzKI9.5B3q8Pq23EVv3ffNSX5yqok77XyV6ZCRgCfCdIWwbzc; Path=/; Expires=Mon, 05 Oct 2015 04:41:30 GMT; HttpOnly
©2015 Apigee Corp. All Rights Reserved.
user-mgmt-v1 bundle - User Store
• Serves as the credential validation endpoint
$ curl https://testmyapi-‐test.apigee.net/v1/users/authenticate \ -‐X POST -‐d '{"username": "[email protected]", "password": "apigee123" }' \ -‐H 'Content-‐Type:application/json' -‐v < HTTP/1.1 403 Forbidden < Content-‐Type: application/json < Content-‐Length: 85 < Connection: keep-‐alive < * Connection #0 to host testmyapi-‐test.apigee.net left intact {"status":"failure", "message":"Authentication failed for user [email protected]."}%
©2015 Apigee Corp. All Rights Reserved.
login-app bundle • Represents the login-app - consent page: “Allow” decision=yes
curl 'https://testmyapi-‐test.apigee.net/loginapp/consent?apikey=VXNYaci4FGfKfEERy5KhXHeIln2pONDr&app=oauth2-‐app&state=123&scope=order&redirect_uri=https%3A%2F%2Ftestmyapi-‐test.apigee.net%2Fweb%2Fcallback' -‐H 'Cookie: __lc.visitor_id.3296802=S1436475468.3abaac467f; sid=s%3AMYwxTt148YagDN-‐htNbRv9UppUml9cYR.9rL7bNV3p93TAamgLk3wVTVAnpOdvuzkLzhligHGnaw'-‐H 'Content-‐Type: application/x-‐www-‐form-‐urlencoded' -‐-‐data 'decision=yes' -‐-‐compressed -‐v > Content-‐Type: application/x-‐www-‐form-‐urlencoded > Content-‐Length: 12 > * upload completely sent off: 12 out of 12 bytes < HTTP/1.1 302 Found < X-‐Powered-‐By: Express < Location: https://testmyapi-‐test.apigee.net/web/callback?scope=&code=ylkMuj5l < Date: Mon, 05 10 2015 04:53:08 GMT < Content-‐Length: 0 < Connection: keep-‐alive
Get cookie from previous request
Authorization code
©2015 Apigee Corp. All Rights Reserved.
webserverapp bundle
• Send authorization code to oauth2 bundle to obtain an access token • Uses the secret
$ curl 'https://testmyapi-‐test.apigee.net/web/callback?scope=&code=LwhCoj7P' -‐v > GET /web/callback?scope=&code=LwhCoj7P HTTP/1.1 < HTTP/1.1 302 Redirect < Location: https://testmyapi-‐test.apigee.net/web?access_token=GOocdfQI40xNhZGUTn4uhIcwGYAS < Content-‐Length: 0 < Connection: keep-‐alive
©2015 Apigee Corp. All Rights Reserved.
Additional ChallengesQ&A
23
©2015 Apigee Corp. All Rights Reserved.
Use tokens from a Third Party Provider e.g. Google or Facebook
Use case: – I want use tokens from Google or Facebook to access user resources – I want leverage Apigee API Management capabilities. E.g. Traffic management, analytics,
big data, etc.
API proxy Sample
• Apigee Tutorial http://apigee.com/docs/api-services/content/use-third-party-oauth-system
• Music Access - API Proxy Sample https://github.com/dzuluaga/apigee-tutorials/tree/master/apiproxies/musicapi-oauth-delegated-authentication
• Google OAuth 2.0 Playground https://developers.google.com/oauthplayground/
©2015 Apigee Corp. All Rights Reserved.
How to Reuse Refresh Token?
1
Mashup’s and CORSMaruti C
Vinit Mehta
Mashup’s
What is a Mashup ?
What are its types ?
• Business (or enterprise) mashups• Consumer mashups• Data mashups
What are the characteristics of a mashup ?
2©2015 Apigee. All Rights Reserved.
Mashup’s
What is a Mashup ?
What are its types ?
• Business (or enterprise) mashups• Consumer mashups• Data mashups
What are the characteristics of a mashup ?
3©2015 Apigee. All Rights Reserved.
World of Mashup’s
4©2015 Apigee. All Rights Reserved.
Architecture of Mashup’s
Presentation / User Interface
APIs
Data
5©2015 Apigee. All Rights Reserved.
Code or Configure
6©2015 Apigee. All Rights Reserved.
7©2015 Apigee. All Rights Reserved.
Manage interactions with API consumers and optimize
performance
Secure APIs and protect back-end systems from
attack
Transform, translate and reformat data for easy
consumption
Extend with programming when you need it
Power of Policies
Advantages
• Immediate Value
• Development effort
• Innovate new ideas and use information in ways not originally planned for
8©2015 Apigee. All Rights Reserved.
{“Hungry?”: “AskAnApigeek!”,“Stressed?": “AskAnApigeek!”,“Car Wash?": “AskAnApigeek!”,“Beer?”: “Definitely_AskAnApigeek!!” }
9©2015 Apigee. All Rights Reserved.
10©2015 Apigee. All Rights Reserved.
Cross-Origin Resource Sharing (CORS)
11©2015 Apigee. All Rights Reserved.
1
Continuous Integration for a Node.js Proxy using Cloud Tools Rakesh Talanki
Apigee Principal Architect
Introduction and Agenda
2
Agenda
3
1. Set up Node.js API in Apigee 8.00
2. Build API scaffolding with Yeoman 15:00
3. Use Grunt to build and deploy 10:00
4. Use Git for Source Control 5.00
5. Test using Postman 10:00
6. Test using Mocha, Chai and Nock 10:00
7. API Documentation 5:00
8. Use Travis to set up CI 30:00 ©2015 Apigee. All Rights Reserved.
Set up Continuous Integration for API’s using Cloud Tools
Getting ready
• Apigee Free Account • NPM and Node.js - https://goo.gl/080g8Q • Git (optional) - https://goo.gl/rTyIvP • Github Free Account – http://www.github.com • Apigee Free Account on Cloud • Travis Account (free)- https://travis-ci.org/
4 ©2015 Apigee. All Rights Reserved.
There must be a way to automate all of tedious work!
5 ©2015 Apigee. All Rights Reserved.
Execute Functional Tests
5
Clean API Bundle Files and Folders
Copy Artifacts
Deactivate last revision from the API Services
Import and deploy API bundle to API Services
Deploy and Test Documentation on CMS
Execute Unit Tests
Execute Performance Tests
Any other manual tasks…
Configure Artifacts for each environment (DEV, QA, STG, PROD, etc.)
Package Artifacts (zip)
Package phase
Configure phase
Install phase
Emphasis slide
6
Before After
Continuous Integration
7
Development SCM Build Prod
©2015 Apigee. All Rights Reserved.
SIT UAT
Continuous Integration (CI) is the practice, in software engineering, of merging all developer working copies with a shared mainline several times a day
CI: The Volkswagen Approach
8 ©2015 Apigee. All Rights Reserved.
Then, we detect when our tests are being run in a CI server, and make them pass.*
*https://github.com/auchenberg/volkswagen
We master Emission Test Results with Software
Building a CI Environment
9
CI: The Process
10 ©2015 Apigee. All Rights Reserved.
Continuous Integration
Dev Team
Source Code
Version Control
Pull Request or Merge
API Job is triggered
Static Code Analysis
Code coverage analysis
Deploy API Bundle
Run Unit, Functional,
and Performance
Tests
Publish Reports
Update Docs
Step 1: Build an API Proxy
11 ©2015 Apigee. All Rights Reserved.
API
Step 2: Decide on a Build Tool
12 ©2015 Apigee. All Rights Reserved.
Step 3: Deploy to Apigee on Public Cloud
13 ©2015 Apigee. All Rights Reserved.
Step 4: Run Local Tests
14 ©2015 Apigee. All Rights Reserved.
Step 5: Use a CI Tool
15 ©2015 Apigee. All Rights Reserved.
Step 6: Generate Interactive Documentation
16 ©2015 Apigee. All Rights Reserved.
Hands-on
17
Putting it all together: Continuous Integration
18
API Proxy Scaffolding Generator
• Gets you started with starter API Proxy
• Standardizes naming conventions by generating policies and other artifacts
• Based on Yeoman, so it can extended for other tools, not only Grunt, but also Maven
Let’s try it! Install Npm and Node: Open http://nodejs.org in a browser and click Install.
Check: node --version
Upgrade Node to 0.10.35 or higher:
npm cache clean
npm update –g
Install yeoman: npm install –g yo
Install Grunt: npm install –g grunt-cli
Install Grunt plugin: npm install -g generator-apigee-deploy-grunt-api
Run yo: yo apigee-deploy-grunt-api
http://goo.gl/lSZrth
19
API Proxy Scaffolding Generator
Build and Deploy
20
Apigee Deploy Grunt Plugin
• TDD Ready - Mocha, Jasmine, Karma, any JS test framework and even Jmeter
• Supports code review - with JSHint and ESLint – cyclomatic complexity
• Supports Configuration Management - Search and replace based on XPath and RegExp
• Supports node.js remote deployment and Java Policies
• Plays well with CI (Continuous Integration) – Jenkins, Travis, Go, Bamboo, etc.
• Supports reusable policies via search and replace files and Git Submodules
• It’s way easier to customize via Grunt Custom Tasks
Grunt or Maven?
21
Apigee Deploy Maven Plugin • Test based on JMeter • Config Management - Search and replace
based on Xpath • Plays well with CI – Jenkins mostly. Nice
looking reports • Supports node.js remote deployment and
Java Policies • Supports reusable policies via Supports
Proxy Dependency Maven Plugin
▪ Easy and flexible
▪ It’s Node! NPM
▪ Compatible with CI
▪ https://github.com/apigeecs/apigee-deploy-grunt-plugin
▪ Follow steps from README.md
▪ Plays well with TDD frameworks
▪ Empowers the developer to apply continuous improvement to the
lifecycle
22
Grunt API Lifecycle Management Plugin
▪ Configuration Management - apigee-config.js
23
Grunt API Lifecycle Management Plugin
exports.xmlconfig = function(env, grunt){ config = { "test" : [ { "options": { "xpath": "//APIProxy/Description", "value": "<%= grunt.option('gitRevision') %>" }, "files": { "target/apiproxy/<%= apigee_profiles[grunt.option('env')].apiproxy %>.xml": "apiproxy/*.xml" } }, { "options": { "xpath": "//TargetEndpoint/HTTPTargetConnection/URL", "value": "https://weather.yahooapis.com/forecastrss" }, "files": { "target/apiproxy/targets/default.xml": "apiproxy/targets/default.xml" } }, { "options": { "xpath": "//ProxyEndpoint/HTTPProxyConnection/BasePath", "value": "/weathergrunt" }, "files": { "target/apiproxy/proxies/default.xml": "apiproxy/proxies/default.xml" } } ],
✓ More time to focus on what really matters by automating repetitive tasks
✓ Innovation ready. Extensible plugin-based platform
✓ Promotes productivity. Promotes usage of CLI (Command-Line Interface). No need for IDEs
✓ Easy to adopt. No need of CLI. Eclipse IDE Support through M2E and IntellijIDEA, WebStorm
✓ Easy to configure and to track changes. All of its artifacts can live in version control as text files
✓ Multilanguage support. One JVM to rule them all (Ruby, Jython, JavaScript, Groovy, Scala) or even Shell scripts
✓ Tens of Thousands plugins ready in Maven Central
✓ Backed up by Apigee and the open source community
24
Why choose Apigee’s Maven?
Hands-on
25
Putting it all together: Continuous Integration
Let’s try it! http://goo.gl/lSZrth
26
Grunt
Deploy to Apigee
grunt --env=test --username={apigee_edge_email_address} --password={apigee_edge_password} --debug --curl=true --upload-modules
Use apigee gateway and with Yahoo Weather standard Target
https://{org-env}.apigee.net/{api-basepath}/apigee/forecastrss?w=2502265
Use apigee gateway calling Yahoo Weather through Apigee Node.js as Target
https://{org-env}.apigee.net/{api-basepath}/apigee/forecastweather_node?w=2502265
Testing
27
Grunt Tests with Mocha and friends http://goo.gl/xHLzSh
• TDD (Test Driven Development) for APIs
• Faster to write than BDD (Behavior Driven Development)
• Mocha Testing Framework, Chai for Assertions
28
Testing
describe('Check weather in cities', function() { async.each(weatherData.simpleWeatherArray() , function(cityData, callback) { it('you should be able to get forecast weather for ' + cityData.name + ' from this API Proxy.', function(done) { var options = { url: cityData.url, //'https://testmyapi-‐test.apigee.net/weathergrunt/apigee/forecastrss?w=2502265', headers: { 'User-‐Agent': 'request' } } request(options, function (error, response, body) { expect(body).to.contain(cityData.name) //Sunnyvale, Madrid assert.equal(cityData.responseCode, response.statusCode) done() }) }) callback(); }); });
POSTMAN • Postman an API Testing tool
• Very widely used by Developer and Tester community
• Add Jetpacks - They are awesome $9 upgrades
29
Testing
POSTMAN with Newman Newman
– A command-line collection runner for Postman.
– It allows you to effortlessly run and test a Postman collection
– Can be Integrated with your build tools like Maven/Grunt and make it part of your CI build
– https://www.getpostman.com/docs/newman_intro
30
Testing
JMeter
31
Testing
▪ Get examples https://github.com/apigee/apigee-deploy-maven-plugin ▪ Use assertions to
▪ Validate response codes ▪ Validate payload content ▪ Validate schemas (JSON – DRAFT04) ▪ Validate response times. Spot network latency and performance issues
32
Mocks with Nock
• Promotes CDC (Consumer-Driven Contract)
• Promotes faster development
• No backend? No problem
– Issues with starting development without a contract in place:
• There’s no formality, downstream systems changes, no one knows! ☹
• Downstream systems can run tests to verify whether they’re breaking the contract
• There’s a backend? No problem
– Nock can record request and response objects
• Request/response: content, headers, status codes, delay, etc.
Demo
33
Putting it all together: Continuous Integration
Let’s try it! Goto Postman and Create a collection of tests
Download your collection
Install newman: npm install -g newman Run your collection: newman -c mycollection.json
Run your collection 10 times: newman -c mycollection.json -n 10
34
POSTMAN/Newman
Let’s try it! http://goo.gl/pDxzYG
35
Mocha/Chai
Adding Tests Add to tests/weatherapi.js
Adding Data Driven Tests If your tests need data that can be fetched via XHR, stick a .json file in the data
directory, you can access it at /data/<filename>.json.
Source Code Management
36
SCM
▪ Define your branching and merging strategy from the get go
▪ Opt for a scalable model
▪ Single Repo vs. Multiple Repos
▪ Communicate and provide feedback through pull requests (aka. social coding)
▪ Apply CI and avoid big bang merges
▪ Practice, practice, practice
▪ API Artifacts
– API proxy source code (XML, JS, Java, Python, binaries, etc.)
– API Documentation (Markdown, HTML) ▪ Testing Artifacts
– Scripts
– Data
▪ Configuration, Deployment and management scripts
– Management API requests to create entities like target servers and data stores
– Configuration Data
▪ Keep sensitive data out of SCM
SCM
What can be managed in SCM?
Source code management: “Fork-and-pull” model
Production Environment
Developer Workstation
Fork repository
Clone to w
orkstation
Deploy and test
1
2
3
4
Development Environment
Testing Environment
Com
mit
to c
lone
re
posi
tory
Issue pull request
5
Deploy to test
Deploy to production
67 8Committers
▪ Identify benefits of SCM
▪ Apply fork and pull requests
▪ Learn SCM models pros and cons
▪ Monolithic vs Single and Multiple Repos
▪ Identify SCM branch types and how to use them
▪ Apply merging
40
Summary
Continuous Integration
41
Continuous Integration
Principles ▪ Maintain a code repository
▪ Automate the build ▪ Make the build self-testing
▪ Keep the build fast ▪ Make it easy to get the latest deliverables ▪ Everyone can see the results of the latest build
▪ Automate deployment
43
The Full Circle
Continuous Integration
Dev Team
Source Code
Version Control
Pull Request or Merge
API Job is triggered
Static Code Analysis
Code coverage analysis
Deploy API Bundle
Run Unit, Functional,
and Performance
Tests
Publish Reports
Update Docs
– API Lifecycle – Tooling: Jenkins and Travis – Connect to a Git Repo – Leverage
– Maven Plugin – Grunt
Reap Your Benefits!!!
• Makes it visible and measurable!!! • Faster to Market!!! • Save on Maintenance $$$!!!
44
Continuous Integration and Deployment
Demo
45
Putting it all together: Continuous Integration
Let’s try it! https://travis-ci.org
46
Travis Integration If you do not have git installed, then
● Fork my repository https://github.com/rakeshtl/CI-‐Travis.git If you have git installed, then
● Create New Public Repository -‐ https://github.com/new ● Goto your directory and run the following commands ● Npm install –g git ● git init ● git add . ● git commit -‐m "first commit" ● git remote add origin https://github.com/{....} (eg. https://github.com/rakeshtl/grunt-tests.git) ● git push -‐u origin master
CI on Travis
● Goto https://travis-‐ci.org ● Add a New Repository ● Goto your Profile, Flick the repository switch on (toggle the checkbox) ● Add the two environment variables -‐ ae_username, ae_password
○ Provide Apigee Credentials ● Ensure .travis.yml file is in your repository ● Trigger your first build with a git push (git add, git commit -m "committing", git push) ● Goto your home page on Travis and watch the build ● Check your Email for Notifications.
Go For IT!!!
API Documentation
48
• Interactive documentation is becoming the standard for documenting your APIs (e.g. swagger).
• Always treat documentation as code and keep it in version control.
• Functional changes to code likely change how consumers use the API.
• Deploy documentation when you deploy the API code.
49
Things to Think About…
© 2013 Apigee Confidential – All Rights Reserved
API Modeling Describe an API structure
SmartDocs Generate interactive documentation
API-based Integrate with any portal / CMS
50
Apigee Edge Developer Services
gh-pages
Other CMS
Apigee SmartDocs Overview
Thank you
Fall 2014