the$api$pla*orm - qcon san francisco · traffic!control!...
TRANSCRIPT
![Page 1: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/1.jpg)
The API Pla*orm
QCon San Francisco November 17, 2011
Greg Brail @gbrail
Apigee @apigee
Marcin Wichary
![Page 2: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/2.jpg)
Overview
What is an API? What is an API PlaForm? Typical API Call Flow API PlaForm Challenges
![Page 3: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/3.jpg)
What Makes an API an API?
APIs have a contract WADL WSDL Web site Phone call…
APIs are used by other programmers
Michael Jefferies
![Page 4: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/4.jpg)
What Else?
APIs in 2011 use a consistent technology stack HTTP(s) OAuth JSON and/or XML AWributes of the
REST Architectural Style*
(*Not getting into that can of worms today, sorry)
Alan Berning
![Page 5: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/5.jpg)
What’s Not an API?
• A bunch of XML web services you wrote for your mobile app
• A SOAP service hidden inside the corporate network
Does it have a contract so that others can use it? If not, it’s not an API
![Page 6: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/6.jpg)
Why a PlaForm for APIs?
APIs aren’t web apps
Image by lindzstrom
![Page 7: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/7.jpg)
Web Apps vs APIs Web App For normal humans
(great paWern-‐matchers)
Change is good Password security A few browser versions Client will run your scripts
API For programs
(lousy paWern-‐matchers)
Incompa]ble change is bad OAuth security Many different client devices Client won’t
![Page 8: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/8.jpg)
What Goes in the API PlaForm?
Authen]ca]on Authoriza]on Audit Format media]on Transforma]on Caching
Rate Limi]ng Threat Detec]on Content Customiza]on Logging Analy]cs Developer “On-‐boarding”
![Page 9: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/9.jpg)
Typical API Call Flow Not all APIs use these exact steps… but many do, and usually in this order
![Page 10: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/10.jpg)
Threat Detec]on
Is the API request an obvious security threat? Correct input format (JSON or XML valida]on) Obvious injec]on aWacks Suspect IP address
![Page 11: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/11.jpg)
Authen]ca]on
Are the security creden]als valid? Valid OAuth token
Both end user and applica]on are authen]cated
Correct password Valid SSL cert
Basis of the next processing steps…
![Page 12: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/12.jpg)
Authoriza]on
Is the user allowed to make this API call? Ofen based on OAuth “scope” Lots of other ways to do this
Tom Hensel
![Page 13: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/13.jpg)
Traffic Control
Is the user or app allowed to make the call now? Does it have quota?
Business-‐oriented limit on traffic Based on user, applica]on, or both
Is there an addi]onal rate limit? Opera]ons-‐based limits based on IP, etc.
Do we need to restrict traffic anyway? Priori]ze to help an overloaded back end
![Page 14: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/14.jpg)
Caching
Did we cache the API response? API response caching in the “last mile” can be very effec]ve, in addi]on to all the other caching layers:
App server Database Disk CPU Etc.
![Page 15: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/15.jpg)
Media]on
Did the server return what the client wants?
May need to convert otherwise XML to JSON SOAP to REST
A big issue when building APIs from legacy systems
Is the client making many calls? Aggregate on the server
Tom Natt
![Page 16: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/16.jpg)
Rou]ng
Where should the API call go now? Mul]ple ]ers of servers
Sandbox Produc]on Different databases, geographies
![Page 17: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/17.jpg)
Analy]cs
What are the API usage paWerns? Usage Response Time Error Rate
By applica]on By developer By end user By IP address
![Page 18: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/18.jpg)
Business Logic
Where does the actual API code run? Now, web apps and APIs both need:
Code deployment Thread scheduling Database connec]on management, etc.
Sounds like an app server to me… There are nice API-‐specific toolkits that run there
JAX-‐RS for Java, Sinatra for Ruby, etc.
![Page 19: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/19.jpg)
Don’t Forget
Docs and Test Console Remember that APIs are contracts and developers would rather test than read
Developer Sign-‐Up They need creden]als to build an app
![Page 20: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/20.jpg)
Abstract API PlaForm
![Page 21: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/21.jpg)
Where is the API PlaForm?
Built in to the applica]on server Code libraries Less complex, no latency
Or, an addi]onal network ]er Can combine many APIs into one Offloads rate limits, security, etc. Addi]onal latency
But not as much as you think
![Page 22: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/22.jpg)
For Example
A company may start with a simple API Manual developer sign-‐up, simple authen]ca]on
They may want to open to a larger audience Developer portal for sign up OAuth Quotas / rate limits Caching
An API plaForm enables this change
![Page 23: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/23.jpg)
Another Example
A company may have many web services But they are not suitable for use by API developers Bad design, incompa]ble security, etc.
An API plaForm can virtualize these services Route to the right service Transform requests and responses Enforce consistent security and rate limits
![Page 24: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/24.jpg)
Interes]ng Challenges
OAuth Rate Limi]ng Performance
![Page 25: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/25.jpg)
OAuth >= LDAP
Authen]ca]on should be easy to scale 1. Deploy LDAP 2. Replicate it all over the place 3. Presto!
![Page 26: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/26.jpg)
This Used to be Fine
Runs at human speed Expecta]ons were low
Change my password every once in a while It usually works within a minute or two Some]mes it doesn’t and that’s OK
Works fine with a single master Read-‐only replica]on for scalability
![Page 27: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/27.jpg)
OAuth is Different
Runs at device speed Lots of API calls, liWle latency
Create “unauthen]cated request token” and immediately use it Validate password and expect it to work right away
Today’s apps demand up]me It’s not OK for “OAuth to be down right now”
![Page 28: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/28.jpg)
Big OAuth
Lots of data centers Thousands of requests / second Hundreds of new OAuth tokens / second No ]me for down]me
![Page 29: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/29.jpg)
Enter CAP
Consistency Availability Par]]on Tolerance
Pick Two See Eric Brewer, 2000: hWp://en.wikipedia.org/wiki/CAP_theorem
Rafal Kiermacz
![Page 30: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/30.jpg)
Naïve Solu]on
• OAuth tokens go in a database • Read-‐only replicas for scalability
If the master goes down, No new tokens are issued Many new API clients fail
![Page 31: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/31.jpg)
Another Solu]on
Use a data store that supports “AP” … an “eventually consistent key-‐value store” Cassandra Riak Voldemort
![Page 32: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/32.jpg)
“AP” Solu]on
OAuth tokens are simple A unique, random number Very simple lifecycle
Create Invalidate Refresh (Some]mes)
In other words, inconsistency can be handled
![Page 33: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/33.jpg)
“AP” Database Example
Three or more database servers Three copies of every OAuth token (N = 3) Try to write new tokens to all (W >= 1) Read from one (R = 1) Retry if token is not found (R = 3)
![Page 34: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/34.jpg)
Controlling API Traffic
Frequent customer request: API calls == money Customers buy “buckets” of calls Want 100 percent consistency Want 99.99 percent availability
![Page 35: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/35.jpg)
This is a Hard Problem
Back to the CAP Theorem Consistency Availability Par]]on Tolerance
Pick Two
Rafal Kiermacz
![Page 36: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/36.jpg)
Synchronous Server Solu]on
One copy of each customer’s API quota One big database, cache, with sharding Fail over if it breaks
100 percent consistent Not par]]on-‐tolerant Performance limited by database / cache
![Page 37: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/37.jpg)
Asynchronous Server Solu]on
Central “quota server” Each node calculates local quota
Communicates with the quota server out of band
Less consistent Because we sync quotas asynchronously
Par]]on-‐tolerant Faster too
![Page 38: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/38.jpg)
“AP” Quota Solu]on
Take advantage of vector clocks Available and par]]on-‐tolerant More consistent than a fully asynchronous one Good enough for most tasks hWp://wiki.apache.org/cassandra/Counters
![Page 39: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/39.jpg)
Performance: The API Fron]er
Our API plaForm includes a proxy server Lots in common with an app server
Threads, concurrency, HTTP processing
But also not A proxy passes data through and may not change it An app server returns a totally different response
Pop Quiz: Which one will be faster? C + Java + custom FPGA Java
![Page 40: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/40.jpg)
Making APIs Perform
I love solving API performance problems Lots of concurrency High throughput Low latency
![Page 41: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/41.jpg)
Making APIs Perform
I hate solving API performance problems Lousy test tools Lousy test methodology Lousy loca]ons for test clients Slow back end servers Blaming the new guy
![Page 42: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/42.jpg)
What I’ve Learned
Start with a fast test client JMeter is too slow “ab” is great but limited Others are complex My entry: hWp://code.google.com/p/apib
Start with a fast back end At least for tes]ng Apache hWpd can reply 75,000+ ]mes / second…
![Page 43: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/43.jpg)
What Else I’ve Learned
Most people do it wrong Test run is too short (less then 5 seconds!) Test is returning 404 25% of the ]me No one measured CPU usage No one calculated network bandwidth etc.
![Page 44: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/44.jpg)
And also
Isolate, baby, isolate Turn everything off Get a baseline Then turn things back on one at a ]me…
Measure, baby, measure The thing you think is awful isn’t that bad The thing you don’t know about is awful
![Page 45: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/45.jpg)
Conclusion
APIs have dis]nct needs A dedicated “API PlaForm” eases the burden There are lots of ways to do this And lots of challenges along the way Thanks!
![Page 46: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/46.jpg)
Daniel Jacobson, Greg Brail & Dan Woods
APIsA Strategy Guide
![Page 47: The$API$Pla*orm - QCon San Francisco · Traffic!Control! Is!the!user!or!app!allowed!to!make!the!call!now?% Does!ithave!quota?! Business\oriented!limiton!traffic! Based!on!user,!applicaon,!or!both!](https://reader033.vdocument.in/reader033/viewer/2022050106/5f441f8b4e6e0d0c1e29e049/html5/thumbnails/47.jpg)
THANK YOU QuesHons and ideas to: @gbrail