SlideShare une entreprise Scribd logo

Open Source API Observability Tool

L
LibbySchulze

Api clarity webinar

Internet
1  sur  21
Télécharger pour lire hors ligne
© 2021 Cisco and/or its affiliates. All rights reserved. Open Source API Observability Tool Zohar Kaufman, Alexei Kravtsov Sep 2021
© 2021 Cisco and/or its affiliates. All rights reserved. Agenda Why do we need API Specs reconstruction ? Possible open source packages survey Introducing APIClarity (design, architecture) It’s Demo Time Roadmap & closing comments Q&A
© 2021 Cisco and/or its affiliates. All rights reserved. Cloud services and microservices architecture gaining popularity Typically using OpenAPI Specification: Standard, language-agnostic interface Allows both humans and computers to discover and understand the capabilities of a service No access to source code or other documentation is needed Interface files for describing, producing, consuming, and visualizing RESTful web services Allows parallel development of client and server applications using generated code and mocks OpenAPI Specs
© 2021 Cisco and/or its affiliates. All rights reserved. API Specs Challenges Not all applications have their OpenAPI specification available (legacy, external) Designed API vs Runtime API Deprecated APIs (Zombie APIs) Undocumented APIs (Shadow APIs) Breaking changes Differences over time Obtaining OpenAPI Spec without code instrumentation or modifying existing workloads
© 2021 Cisco and/or its affiliates. All rights reserved. API Specs Challenges - Gartner Every connected mobile, modern web or cloud-hosted application uses and exposes APIs: Easy to expose but difficult to defend Used to access data and to call application functionality Large and growing attack surface, leading to a growing number of publicized API attacks and breaches
© 2021 Cisco and/or its affiliates. All rights reserved. Existing Open Source Solutions Similar products: Akita, Imvision, Salt Open sources: Optic, Avantation, har2openapi, Response2Schema, InducOapi, SwagDefGen Community tool (free but not open source): API Shark, SwaggerHub List of Tools: Open API Tools, API Specification Toolbox
© 2021 Cisco and/or its affiliates. All rights reserved. Open API Tools https://openapi.tools/ Tool Types • Auto Generators: Tools that will take your code and turn it into an OpenAPI Specification document • Converters: Various tools to convert to and from OpenAPI and other API description formats • Data Validators: Check to see if API requests and responses are lining up with the API description • Description Validators: Check your API description to see if it is valid OpenAPI • Documentation: Render API Description as HTML (or maybe a PDF) so slightly less technical people can figure out how to work with the API • DSL: Writing YAML by hand is no fun, and maybe you don't want a GUI, so use a Domain Specific Language to write OpenAPI in your language of choice • GUI Editors: Visual editors help you design APIs without needing to memorize the entire OpenAPI specification • Learning: Whether you're trying to get documentation for a third-party API based on traffic or are trying to switch to design-first at an organization with no OpenAPI at all, learning can help you move your API spec forward and keep it up to date • Miscellaneous: Anything else that does stuff with OpenAPI but hasn't quite got enough to warrant its own category • Mock Servers: Fake servers that take description document as input, then route incoming HTTP requests to example responses or dynamically generates examples • Parsers: Loads and read OpenAPI descriptions, so you can work with them programmatically • SDK Generators: Generate code to give to consumers, to help them avoid interacting at a HTTP level • Security: By poking around your OpenAPI description, some tools can look out for attack vectors you might not have noticed • Server Implementations: Easily create and implement resources and routes for your APIs • Testing: Quickly execute API requests and validate responses on the fly through command line or GUI interfaces • Text Editors: Text editors give you visual feedback whilst you write OpenAPI, so you can see what docs might look like
© 2021 Cisco and/or its affiliates. All rights reserved. API Specification Toolbox http://api.specificationtoolbox.com/services/
© 2021 Cisco and/or its affiliates. All rights reserved. Optic Open Source tool Helps developers to document, review and approve API changes prior to deploying them Language agnostic, works with any REST API Observes development traffic and learns your API’s behavior Detects API changes by diffing traffic against the current specification Adds an accurate API changelog to every Pull Request Mechanism to manually review and update the specification Not designed to monitor multi service environments
© 2021 Cisco and/or its affiliates. All rights reserved. SwaggerHub No need for a setup – generate API traffic from Web UI Records API traffic and converts it to OAS using SwaggerHub Not an open source No integration with runtime environments
© 2021 Cisco and/or its affiliates. All rights reserved. API Shark Live monitoring of multi-service environments OAS spec learning from runtime traffic Automatic parameter detection Seamless No Spec Diff detection Not an open source No review option of the learned spec
© 2021 Cisco and/or its affiliates. All rights reserved. Live monitoring of multi-service environments Spec Diff detection Not free Not an open source Imvision API Security OAS spec learning from runtime traffic Mechanism to manually review and update the specification
© 2021 Cisco and/or its affiliates. All rights reserved. No code changes are needed to any of your App Construct the OpenAPI specification by observing the API traffic UI dashboard to audit and monitor the API findings Alert the user on any difference between the approved API specification and the one that is observed in runtime, detects shadow & zombie APIs Introducing APIClarity Capture all API traffic in an existing environment using a service-mesh framework Allow the User to upload OpenAPI spec, review, modify and approve generated OpenAPI specs
© 2021 Cisco and/or its affiliates. All rights reserved. APIClarity: High-Level Architecture Users Istio Client App Envoy Proxy Fronted App Envoy Proxy Backend App Envoy Proxy POST/login GET/clients Mirror API traffic from Proxies OpenAPI Spec Engine UI • API events • Learned Specs • API Diff API spec user review Frontend Pod Client Pod Backend Pod K8s Cluster
© 2021 Cisco and/or its affiliates. All rights reserved. Spec Reconstruction Features Parameter detection (Path, query, header, cookie) Object references Security definitions File transfer
© 2021 Cisco and/or its affiliates. All rights reserved. Demo Environment K8s cluster Istio service mesh APIClarity installed Sock-shop demo app Setup
© 2021 Cisco and/or its affiliates. All rights reserved. Demo Flow 1 2 3 4 5 6 7 APIClarity deployment overview (clone, build, deploy) Visibility of runtime API events Event filtering, hit count graphs OAS learning – generating traffic using the sock-shop demo app Review of automatically generated OAS learned from the traffic Approve the reviewed spec and see in Swagger UI User provided spec Monitor and observe whether the API events correspond to set specs API event diffs, Shadow APIs, Zombie APIs
© 2021 Cisco and/or its affiliates. All rights reserved. It’s Demo Time © 2021 Cisco and/or its affiliates. All rights reserved.
© 2021 Cisco and/or its affiliates. All rights reserved. API development and security aspects of APIClarity Analyze spec for security issues and best practices Run API fuzzing tests using the spec Generate Client and Server code Generate Client and Server mocks Documentation Knowing the API Spec is the first step to identifying your API risks Mock generation Documentation Fuzzing tests OAS issue analysis Security Development Code generation
© 2021 Cisco and/or its affiliates. All rights reserved. Roadmap OAS 3.0, GraphQL, gRPC Integration with additional environments (Browsers, Postman, API gateways, etc.) Support spec schema review in UI System settings User management
© 2021 Cisco and/or its affiliates. All rights reserved. Questions? © 2021 Cisco and/or its affiliates. All rights reserved.

Recommandé

Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management ArchitecturesNordic APIs
 
Web Development In 2018
Web Development In 2018Web Development In 2018
Web Development In 2018Traversy Media
 
Azure IoT Hub
Azure IoT HubAzure IoT Hub
Azure IoT HubShahriar Hossain
 
Introduction to Microsoft 365 Enterprise
Introduction to Microsoft 365 EnterpriseIntroduction to Microsoft 365 Enterprise
Introduction to Microsoft 365 EnterpriseRobert Crane
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
Google cloud
Google cloudGoogle cloud
Google cloudvipin ojha
 
Open Banking - Demetra teaser
Open Banking - Demetra teaserOpen Banking - Demetra teaser
Open Banking - Demetra teaserMauro Giorgi
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active DirectoryKrunal Trivedi
 

Recommandé

Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management ArchitecturesNordic APIs
 
Web Development In 2018
Web Development In 2018Web Development In 2018
Web Development In 2018Traversy Media
 
Azure IoT Hub
Azure IoT HubAzure IoT Hub
Azure IoT HubShahriar Hossain
 
Introduction to Microsoft 365 Enterprise
Introduction to Microsoft 365 EnterpriseIntroduction to Microsoft 365 Enterprise
Introduction to Microsoft 365 EnterpriseRobert Crane
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
Google cloud
Google cloudGoogle cloud
Google cloudvipin ojha
 
Open Banking - Demetra teaser
Open Banking - Demetra teaserOpen Banking - Demetra teaser
Open Banking - Demetra teaserMauro Giorgi
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active DirectoryKrunal Trivedi
 
CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA Technologies
 
Introduction to MuleSoft
Introduction to MuleSoftIntroduction to MuleSoft
Introduction to MuleSoftSalesforce Developers
 
Business Transactions with AppDynamics
Business Transactions with AppDynamicsBusiness Transactions with AppDynamics
Business Transactions with AppDynamicsAppDynamics
 
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...apidays
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API ManagementApigee | Google Cloud
 
Low-Code App Development
Low-Code App DevelopmentLow-Code App Development
Low-Code App DevelopmentAppian
 
Broker: adventure through architecture pattern
Broker: adventure through architecture patternBroker: adventure through architecture pattern
Broker: adventure through architecture patternPivorak MeetUp
 
Introduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsIntroduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsNilanchal
 
Introduction to Modern Identity with Auth0's Developer
Introduction to Modern Identity with Auth0's Developer Introduction to Modern Identity with Auth0's Developer
Introduction to Modern Identity with Auth0's DeveloperProduct School
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
A Product Requirements Document (PRD) Sample
A Product Requirements Document (PRD) SampleA Product Requirements Document (PRD) Sample
A Product Requirements Document (PRD) SampleRick Wingender, MBA, MS, PMP, CSPO
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overviewgjuljo
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFEPrabath Siriwardena
 
Azure Cloud Services
Azure Cloud ServicesAzure Cloud Services
Azure Cloud ServicesKajal Kathrotiya
 
Async API specification
Async API specificationAsync API specification
Async API specificationNordic APIs
 
Introduction To Jira
Introduction To JiraIntroduction To Jira
Introduction To JiraHua Soon Sim
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0WSO2
 
UC4 SCHEDULING
UC4 SCHEDULINGUC4 SCHEDULING
UC4 SCHEDULINGroelspi
 
apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...
apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...
apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...apidays
 
the 12 facets of OpenAPI
the 12 facets of OpenAPIthe 12 facets of OpenAPI
the 12 facets of OpenAPICisco DevNet
 

Contenu connexe

Tendances

CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA Technologies
 
Business Transactions with AppDynamics
Business Transactions with AppDynamicsBusiness Transactions with AppDynamics
Business Transactions with AppDynamicsAppDynamics
 
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...apidays
 
Low-Code App Development
Low-Code App DevelopmentLow-Code App Development
Low-Code App DevelopmentAppian
 
Broker: adventure through architecture pattern
Broker: adventure through architecture patternBroker: adventure through architecture pattern
Broker: adventure through architecture patternPivorak MeetUp
 
Introduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsIntroduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsNilanchal
 
Introduction to Modern Identity with Auth0's Developer
Introduction to Modern Identity with Auth0's Developer Introduction to Modern Identity with Auth0's Developer
Introduction to Modern Identity with Auth0's DeveloperProduct School
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overviewgjuljo
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFEPrabath Siriwardena
 
Async API specification
Async API specificationAsync API specification
Async API specificationNordic APIs
 
Introduction To Jira
Introduction To JiraIntroduction To Jira
Introduction To JiraHua Soon Sim
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0WSO2
 
UC4 SCHEDULING
UC4 SCHEDULINGUC4 SCHEDULING
UC4 SCHEDULINGroelspi
 

Tendances (20)

CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application Security
 
Introduction to MuleSoft
Introduction to MuleSoftIntroduction to MuleSoft
Introduction to MuleSoft
 
Business Transactions with AppDynamics
Business Transactions with AppDynamicsBusiness Transactions with AppDynamics
Business Transactions with AppDynamics
 
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...
apidays LIVE Singapore 2022 - Commercial Models for Open Finance in South Ea...
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
 
Low-Code App Development
Low-Code App DevelopmentLow-Code App Development
Low-Code App Development
 
Broker: adventure through architecture pattern
Broker: adventure through architecture patternBroker: adventure through architecture pattern
Broker: adventure through architecture pattern
 
Introduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsIntroduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / Platforms
 
Introduction to Modern Identity with Auth0's Developer
Introduction to Modern Identity with Auth0's Developer Introduction to Modern Identity with Auth0's Developer
Introduction to Modern Identity with Auth0's Developer
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
A Product Requirements Document (PRD) Sample
A Product Requirements Document (PRD) SampleA Product Requirements Document (PRD) Sample
A Product Requirements Document (PRD) Sample
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overview
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFE
 
Azure Cloud Services
Azure Cloud ServicesAzure Cloud Services
Azure Cloud Services
 
Async API specification
Async API specificationAsync API specification
Async API specification
 
Introduction To Jira
Introduction To JiraIntroduction To Jira
Introduction To Jira
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
 
UC4 SCHEDULING
UC4 SCHEDULINGUC4 SCHEDULING
UC4 SCHEDULING
 

Similaire à Open Source API Observability Tool

apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...
apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...
apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...apidays
 
the 12 facets of OpenAPI
the 12 facets of OpenAPIthe 12 facets of OpenAPI
the 12 facets of OpenAPICisco DevNet
 
API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)Tom Johnson
 
Apidays Paris 2023 - Managing OpenAPI Documents at Scale, Stéve Sfartz, Cisco
Apidays Paris 2023 - Managing OpenAPI Documents at Scale, Stéve Sfartz, CiscoApidays Paris 2023 - Managing OpenAPI Documents at Scale, Stéve Sfartz, Cisco
Apidays Paris 2023 - Managing OpenAPI Documents at Scale, Stéve Sfartz, Ciscoapidays
 
Presentation at the 2016 Linux Foundation Collab Summit
Presentation at the 2016 Linux Foundation Collab SummitPresentation at the 2016 Linux Foundation Collab Summit
Presentation at the 2016 Linux Foundation Collab SummitOpen API Initiative (OAI)
 
Extend soa with api management Sangam18
Extend soa with api management Sangam18Extend soa with api management Sangam18
Extend soa with api management Sangam18Vinay Kumar
 
Apidays Paris 2023 - Why API Contracts Matter, Stève Sfartz, Cisco
Apidays Paris 2023 - Why API Contracts Matter, Stève Sfartz, CiscoApidays Paris 2023 - Why API Contracts Matter, Stève Sfartz, Cisco
Apidays Paris 2023 - Why API Contracts Matter, Stève Sfartz, Ciscoapidays
 
Anypoint connector Roadmap
Anypoint connector RoadmapAnypoint connector Roadmap
Anypoint connector Roadmapdanishsm84
 
Extend soa with api management spoug- Madrid
Extend soa with api management spoug- MadridExtend soa with api management spoug- Madrid
Extend soa with api management spoug- MadridVinay Kumar
 
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons LearntOracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons Learntluisw19
 
18 facets of the OpenAPI specification - Cisco Live US 2023
18 facets of the OpenAPI specification - Cisco Live US 202318 facets of the OpenAPI specification - Cisco Live US 2023
18 facets of the OpenAPI specification - Cisco Live US 2023Cisco DevNet
 
The 12 facets of the OpenAPI standard.pdf
The 12 facets of the OpenAPI standard.pdfThe 12 facets of the OpenAPI standard.pdf
The 12 facets of the OpenAPI standard.pdfCisco DevNet
 
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...HostedbyConfluent
 
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...apidays
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays
 

Similaire à Open Source API Observability Tool (20)

apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...
apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...
apidays Paris 2022 - The 12 Facets of the OpenAPI Specification, Steve Sfartz...
 
the 12 facets of OpenAPI
the 12 facets of OpenAPIthe 12 facets of OpenAPI
the 12 facets of OpenAPI
 
API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)
 
Apidays Paris 2023 - Managing OpenAPI Documents at Scale, Stéve Sfartz, Cisco
Apidays Paris 2023 - Managing OpenAPI Documents at Scale, Stéve Sfartz, CiscoApidays Paris 2023 - Managing OpenAPI Documents at Scale, Stéve Sfartz, Cisco
Apidays Paris 2023 - Managing OpenAPI Documents at Scale, Stéve Sfartz, Cisco
 
Presentation at the 2016 Linux Foundation Collab Summit
Presentation at the 2016 Linux Foundation Collab SummitPresentation at the 2016 Linux Foundation Collab Summit
Presentation at the 2016 Linux Foundation Collab Summit
 
Extend soa with api management Sangam18
Extend soa with api management Sangam18Extend soa with api management Sangam18
Extend soa with api management Sangam18
 
Apidays Paris 2023 - Why API Contracts Matter, Stève Sfartz, Cisco
Apidays Paris 2023 - Why API Contracts Matter, Stève Sfartz, CiscoApidays Paris 2023 - Why API Contracts Matter, Stève Sfartz, Cisco
Apidays Paris 2023 - Why API Contracts Matter, Stève Sfartz, Cisco
 
Api design part 1
Api design part 1Api design part 1
Api design part 1
 
Anypoint connector Roadmap
Anypoint connector RoadmapAnypoint connector Roadmap
Anypoint connector Roadmap
 
Extend soa with api management spoug- Madrid
Extend soa with api management spoug- MadridExtend soa with api management spoug- Madrid
Extend soa with api management spoug- Madrid
 
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons LearntOracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
 
18 facets of the OpenAPI specification - Cisco Live US 2023
18 facets of the OpenAPI specification - Cisco Live US 202318 facets of the OpenAPI specification - Cisco Live US 2023
18 facets of the OpenAPI specification - Cisco Live US 2023
 
The 12 facets of the OpenAPI standard.pdf
The 12 facets of the OpenAPI standard.pdfThe 12 facets of the OpenAPI standard.pdf
The 12 facets of the OpenAPI standard.pdf
 
Api tools overview
Api tools overviewApi tools overview
Api tools overview
 
Day 1 axway apim-training
Day 1 axway apim-trainingDay 1 axway apim-training
Day 1 axway apim-training
 
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
 
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...
 
API Presentation
API PresentationAPI Presentation
API Presentation
 
API Conference 2021
API Conference 2021API Conference 2021
API Conference 2021
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
 

Plus de LibbySchulze

Running distributed tests with k6.pdf
Running distributed tests with k6.pdfRunning distributed tests with k6.pdf
Running distributed tests with k6.pdfLibbySchulze
 
Extending Kubectl.pptx
Extending Kubectl.pptxExtending Kubectl.pptx
Extending Kubectl.pptxLibbySchulze
 
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo WorkflowsEnhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo WorkflowsLibbySchulze
 
Fallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdfFallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdfLibbySchulze
 
Intro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdfIntro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdfLibbySchulze
 
Enhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptxEnhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptxLibbySchulze
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfCNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfLibbySchulze
 
Oh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdfOh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdfLibbySchulze
 
Rancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptxRancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptxLibbySchulze
 
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptxvFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptxLibbySchulze
 
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVMCNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVMLibbySchulze
 
EnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdfEnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdfLibbySchulze
 
AirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdfAirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdfLibbySchulze
 
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...LibbySchulze
 
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...LibbySchulze
 
CNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdfCNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdfLibbySchulze
 
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdfCNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdfLibbySchulze
 
Securing Windows workloads.pdf
Securing Windows workloads.pdfSecuring Windows workloads.pdf
Securing Windows workloads.pdfLibbySchulze
 
Securing Windows workloads.pdf
Securing Windows workloads.pdfSecuring Windows workloads.pdf
Securing Windows workloads.pdfLibbySchulze
 
Advancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for AzureAdvancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for AzureLibbySchulze
 

Plus de LibbySchulze (20)

Running distributed tests with k6.pdf
Running distributed tests with k6.pdfRunning distributed tests with k6.pdf
Running distributed tests with k6.pdf
 
Extending Kubectl.pptx
Extending Kubectl.pptxExtending Kubectl.pptx
Extending Kubectl.pptx
 
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo WorkflowsEnhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo Workflows
 
Fallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdfFallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdf
 
Intro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdfIntro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdf
 
Enhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptxEnhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptx
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfCNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
 
Oh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdfOh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdf
 
Rancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptxRancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptx
 
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptxvFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
 
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVMCNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
 
EnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdfEnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdf
 
AirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdfAirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdf
 
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
 
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
 
CNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdfCNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdf
 
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdfCNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
 
Securing Windows workloads.pdf
Securing Windows workloads.pdfSecuring Windows workloads.pdf
Securing Windows workloads.pdf
 
Securing Windows workloads.pdf
Securing Windows workloads.pdfSecuring Windows workloads.pdf
Securing Windows workloads.pdf
 
Advancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for AzureAdvancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for Azure
 

Dernier

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 

Dernier (20)

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 

Open Source API Observability Tool

  • 1. © 2021 Cisco and/or its affiliates. All rights reserved. Open Source API Observability Tool Zohar Kaufman, Alexei Kravtsov Sep 2021
  • 2. © 2021 Cisco and/or its affiliates. All rights reserved. Agenda Why do we need API Specs reconstruction ? Possible open source packages survey Introducing APIClarity (design, architecture) It’s Demo Time Roadmap & closing comments Q&A
  • 3. © 2021 Cisco and/or its affiliates. All rights reserved. Cloud services and microservices architecture gaining popularity Typically using OpenAPI Specification: Standard, language-agnostic interface Allows both humans and computers to discover and understand the capabilities of a service No access to source code or other documentation is needed Interface files for describing, producing, consuming, and visualizing RESTful web services Allows parallel development of client and server applications using generated code and mocks OpenAPI Specs
  • 4. © 2021 Cisco and/or its affiliates. All rights reserved. API Specs Challenges Not all applications have their OpenAPI specification available (legacy, external) Designed API vs Runtime API Deprecated APIs (Zombie APIs) Undocumented APIs (Shadow APIs) Breaking changes Differences over time Obtaining OpenAPI Spec without code instrumentation or modifying existing workloads
  • 5. © 2021 Cisco and/or its affiliates. All rights reserved. API Specs Challenges - Gartner Every connected mobile, modern web or cloud-hosted application uses and exposes APIs: Easy to expose but difficult to defend Used to access data and to call application functionality Large and growing attack surface, leading to a growing number of publicized API attacks and breaches
  • 6. © 2021 Cisco and/or its affiliates. All rights reserved. Existing Open Source Solutions Similar products: Akita, Imvision, Salt Open sources: Optic, Avantation, har2openapi, Response2Schema, InducOapi, SwagDefGen Community tool (free but not open source): API Shark, SwaggerHub List of Tools: Open API Tools, API Specification Toolbox
  • 7. © 2021 Cisco and/or its affiliates. All rights reserved. Open API Tools https://openapi.tools/ Tool Types • Auto Generators: Tools that will take your code and turn it into an OpenAPI Specification document • Converters: Various tools to convert to and from OpenAPI and other API description formats • Data Validators: Check to see if API requests and responses are lining up with the API description • Description Validators: Check your API description to see if it is valid OpenAPI • Documentation: Render API Description as HTML (or maybe a PDF) so slightly less technical people can figure out how to work with the API • DSL: Writing YAML by hand is no fun, and maybe you don't want a GUI, so use a Domain Specific Language to write OpenAPI in your language of choice • GUI Editors: Visual editors help you design APIs without needing to memorize the entire OpenAPI specification • Learning: Whether you're trying to get documentation for a third-party API based on traffic or are trying to switch to design-first at an organization with no OpenAPI at all, learning can help you move your API spec forward and keep it up to date • Miscellaneous: Anything else that does stuff with OpenAPI but hasn't quite got enough to warrant its own category • Mock Servers: Fake servers that take description document as input, then route incoming HTTP requests to example responses or dynamically generates examples • Parsers: Loads and read OpenAPI descriptions, so you can work with them programmatically • SDK Generators: Generate code to give to consumers, to help them avoid interacting at a HTTP level • Security: By poking around your OpenAPI description, some tools can look out for attack vectors you might not have noticed • Server Implementations: Easily create and implement resources and routes for your APIs • Testing: Quickly execute API requests and validate responses on the fly through command line or GUI interfaces • Text Editors: Text editors give you visual feedback whilst you write OpenAPI, so you can see what docs might look like
  • 8. © 2021 Cisco and/or its affiliates. All rights reserved. API Specification Toolbox http://api.specificationtoolbox.com/services/
  • 9. © 2021 Cisco and/or its affiliates. All rights reserved. Optic Open Source tool Helps developers to document, review and approve API changes prior to deploying them Language agnostic, works with any REST API Observes development traffic and learns your API’s behavior Detects API changes by diffing traffic against the current specification Adds an accurate API changelog to every Pull Request Mechanism to manually review and update the specification Not designed to monitor multi service environments
  • 10. © 2021 Cisco and/or its affiliates. All rights reserved. SwaggerHub No need for a setup – generate API traffic from Web UI Records API traffic and converts it to OAS using SwaggerHub Not an open source No integration with runtime environments
  • 11. © 2021 Cisco and/or its affiliates. All rights reserved. API Shark Live monitoring of multi-service environments OAS spec learning from runtime traffic Automatic parameter detection Seamless No Spec Diff detection Not an open source No review option of the learned spec
  • 12. © 2021 Cisco and/or its affiliates. All rights reserved. Live monitoring of multi-service environments Spec Diff detection Not free Not an open source Imvision API Security OAS spec learning from runtime traffic Mechanism to manually review and update the specification
  • 13. © 2021 Cisco and/or its affiliates. All rights reserved. No code changes are needed to any of your App Construct the OpenAPI specification by observing the API traffic UI dashboard to audit and monitor the API findings Alert the user on any difference between the approved API specification and the one that is observed in runtime, detects shadow & zombie APIs Introducing APIClarity Capture all API traffic in an existing environment using a service-mesh framework Allow the User to upload OpenAPI spec, review, modify and approve generated OpenAPI specs
  • 14. © 2021 Cisco and/or its affiliates. All rights reserved. APIClarity: High-Level Architecture Users Istio Client App Envoy Proxy Fronted App Envoy Proxy Backend App Envoy Proxy POST/login GET/clients Mirror API traffic from Proxies OpenAPI Spec Engine UI • API events • Learned Specs • API Diff API spec user review Frontend Pod Client Pod Backend Pod K8s Cluster
  • 15. © 2021 Cisco and/or its affiliates. All rights reserved. Spec Reconstruction Features Parameter detection (Path, query, header, cookie) Object references Security definitions File transfer
  • 16. © 2021 Cisco and/or its affiliates. All rights reserved. Demo Environment K8s cluster Istio service mesh APIClarity installed Sock-shop demo app Setup
  • 17. © 2021 Cisco and/or its affiliates. All rights reserved. Demo Flow 1 2 3 4 5 6 7 APIClarity deployment overview (clone, build, deploy) Visibility of runtime API events Event filtering, hit count graphs OAS learning – generating traffic using the sock-shop demo app Review of automatically generated OAS learned from the traffic Approve the reviewed spec and see in Swagger UI User provided spec Monitor and observe whether the API events correspond to set specs API event diffs, Shadow APIs, Zombie APIs
  • 18. © 2021 Cisco and/or its affiliates. All rights reserved. It’s Demo Time © 2021 Cisco and/or its affiliates. All rights reserved.
  • 19. © 2021 Cisco and/or its affiliates. All rights reserved. API development and security aspects of APIClarity Analyze spec for security issues and best practices Run API fuzzing tests using the spec Generate Client and Server code Generate Client and Server mocks Documentation Knowing the API Spec is the first step to identifying your API risks Mock generation Documentation Fuzzing tests OAS issue analysis Security Development Code generation
  • 20. © 2021 Cisco and/or its affiliates. All rights reserved. Roadmap OAS 3.0, GraphQL, gRPC Integration with additional environments (Browsers, Postman, API gateways, etc.) Support spec schema review in UI System settings User management
  • 21. © 2021 Cisco and/or its affiliates. All rights reserved. Questions? © 2021 Cisco and/or its affiliates. All rights reserved.