API Integration Tutorial:

Testing, security and

API management
 Tutorial

In this tutorial
In this tutorial:
A roundup of the leading API
As application program interface integration increases, so do the
management tools available challenges with maintaining management, testing, and security.
today………………………………..…. p.2
This API integration tutorial compares leading API management
What are some solid options tools currently available on the market, as well as strategies for
for open source API RESTful API testing.
management tools?.............. p.14

Get a better understanding of API integration and management

The basics of establishing a
strategies.
RESTful API testing program
……………………………………………. p.17

Testing microservices and

APIs in the cloud……………... p.24

How do I create a secure API

for mobile?............................... p.29

About
SearchMicroservices.com
……………………………………………. p.31

Page 1 of 31
 Tutorial

In this tutorial
A roundup of the leading API management
A roundup of the leading API tools available today
management tools available
today………………………………..…. p.2 Zachary Flower, Freelance writer, SearchMicroservices.com

API management is a constantly growing market with more new products

What are some solid options popping up every year. As a result, narrowing all of the potential choices
for open source API down to one perfect platform can feel like an overwhelming task. The sheer
management tools?.............. p.14 number of options out there makes choosing one an extremely tough
decision.
The basics of establishing a To help relieve the strain involved with this decision, we've put together this
RESTful API testing program detailed product roundup covering 10 of the leading API management tools
……………………………………………. p.17 currently available on the market. These overviews, appearing in
alphabetical order, will provide you with key information you need when
Testing microservices and deciding which of these platforms is right for your organization. They'll also
APIs in the cloud……………... p.24 provide you with a solid understanding of the state of today's API
management marketplace.

How do I create a secure API

for mobile?............................... p.29
3scale API Management
About Cost: Starting at $50 per month
SearchMicroservices.com License: Commercial
……………………………………………. p.31 Market: Startup/SMB/Enterprise
Delivery: Proxy/Agent/Hybrid

Page 2 of 31
 Tutorial

3scale is an incredibly flexible API management platform from Red Hat Inc.
In this tutorial Unlike many of the API management tools on this list, 3scale has a very self-
serving product offering, which has resulted in a very affordable and flexible
A roundup of the leading API
platform. The low barrier-to-entry of the 3scale platform allows
organizations to slowly scale up their API(s) both architecturally and
management tools available
financially, rather than having to make a high-cost commitment on a brand
today………………………………..…. p.2
new service. Although 3scale does offer both on-site and cloud-based
delivery methods for the API management platform, its particular brand of
What are some solid options delivery is unique in that the on-premises gateway is built around the NGINX
for open source API server. This gives organizations the flexibility to use whatever infrastructure
management tools?.............. p.14 best suits their needs. Additionally, 3scale integrates directly with popular
cloud providers Heroku, Amazon Web Services and Red Hat OpenShift for
more rapid deployments.
The basics of establishing a
RESTful API testing program While 3scale has incredibly flexible delivery methods, the feature that stands
……………………………………………. p.17 out the most is the end-user experience. 3scale operates under the
philosophy that API success is dependent on creating an awesome
Testing microservices and developer experience. This attitude has led to the creation of engaging
APIs in the cloud……………... p.24 developer portals and live Swagger-based documentation for a dynamic,
usable developer experience.

How do I create a secure API Starting at $50 per month, 3scale's base package is incredibly financially
for mobile?............................... p.29 approachable. This base package includes the most desirable features in an
API management platform, including rate limiting, analytics, a developer
About
portal and key management. The next package up from there, starting at
SearchMicroservices.com
$150 per month, adds API monetization and multiple apps per account to the
list of features. The final tier, priced at $750 per month, is aimed at larger
……………………………………………. p.31
organizations with multiple APIs, users and administrators. 3scale does offer

Page 3 of 31
 Tutorial

enterprise-level features and pricing as well, but those interested should

In this tutorial contact the company for pricing information.

A roundup of the leading API

management tools available Akana Platform
today………………………………..…. p.2
Cost: Starting at $4,000 per month
License: Commercial
What are some solid options
Market: Enterprise
for open source API
Delivery: Proxy/Agent/Hybrid
management tools?.............. p.14
Akana Platform from Rogue Wave Software is an enterprise-level API
The basics of establishing a management system aimed at larger organizations with highly defined
RESTful API testing program product lifecycle workflows. Touting customers like American Express,
……………………………………………. p.17 Verizon and eBay, Akana Platform comes equipped with a developer portal
and tools for design, security, traffic management, mediation, integration,
analytics and monetization. Akana stands out, however, in its collection of
Testing microservices and lifecycle management tools. It provides a version control system that allows
APIs in the cloud……………... p.24 for approval-based changes, and integrates directly with popular DevOps
platforms like Jenkins, JIRA and GitHub to keep everyone in the loop.
How do I create a secure API
It's also worth noting that Akana Platform is a gold-certified Microsoft
for mobile?............................... p.29
partner, meaning the company offers a genuine, Microsoft-approved system
for enterprises developing products on the Microsoft technology stack. All
About of Akana Platform's tools integrate directly with Microsoft's cloud platforms,
SearchMicroservices.com which includes built-in support for Microsoft Visual Studio and Team
……………………………………………. p.31 Foundation Server within its Lifecycle Management toolset. There's even
native Windows Server and Azure cloud support. In addition to version

Page 4 of 31
 Tutorial

control and DevOps integrations, the platform also provides a low-level

In this tutorial relationship visualizer, allowing stakeholders to visualize how all the pieces
of an API relate to each other, providing full visibility into how every change
A roundup of the leading API
affects the architecture of the entire system.
management tools available
today………………………………..…. p.2
Apigee
What are some solid options Cost: Starting at $300 per month
for open source API
License: Commercial
management tools?.............. p.14
Market: SMB/Enterprise
Delivery: Proxy/Agent/Hybrid
The basics of establishing a
RESTful API testing program Apigee is a transparency-driven API management tool from Apigee Corp.
……………………………………………. p.17 that is aimed at small to medium-sized businesses, but with substantial
enterprise-level options as well. The Apigee platform has some strong
analytics tools, allowing organizations to track API performance, latency,
Testing microservices and error rates, traffic and usage, and even provides a real-time debugger for
APIs in the cloud……………... p.24 tracing issues down to the source.

While Apigee has some great analytics tools, what really sets it apart are its
How do I create a secure API
monetization tools. With Apigee, organizations can monetize their APIs in a
for mobile?............................... p.29
multitude of unique ways, from offering free trials based on time or API call
volume to charging users based on usage or a flat fee over time. However,
About Apigee has added a truly unique twist to this feature: revenue-sharing
SearchMicroservices.com capabilities that allow organizations to share revenue with their own API
……………………………………………. p.31 consumers. This gives organizations the ability to not only charge a
percentage of revenue generated by API consumers, but also gives that

Page 5 of 31
 Tutorial

same organization the ability to share a percentage of revenue with API

In this tutorial consumers. This can potentially open the door for powerful affiliate
programs and partnerships.
A roundup of the leading API
management tools available
today………………………………..…. p.2 Azure
Cost: Starting at $50 per month
What are some solid options
License: Commercial
for open source API
Market: Startup/SMB/Enterprise
management tools?.............. p.14
Delivery: Proxy

The basics of establishing a Microsoft is a relative newcomer to the field of API management, especially
RESTful API testing program when compared with a few of the other API management tools in this
……………………………………………. p.17 roundup. The Azure API management platform is a cloud-based gateway
targeted toward organizations of all sizes, starting at just $50 per month and
scaling up as needed. While the Azure API management platform will work
Testing microservices and with any host via a direct or virtual private network connection, the big
APIs in the cloud……………... p.24 advantage to using the platform is its direct integration with the rest of the
Azure ecosystem.
How do I create a secure API
With direct support for services like the Azure Active Directory and the
for mobile?............................... p.29
ability to work seamlessly with Azure virtual networks and ExpressRoute,
the Azure API management platform is the perfect choice for organizations
About that are already consuming the Azure ecosystem. Beyond the obvious
SearchMicroservices.com integrations within its own architecture, getting started with the Azure API
……………………………………………. p.31 management platform is as easy as importing an existing Swagger

Page 6 of 31
 Tutorial

specification. This gives organizations the flexibility to move to Azure from

In this tutorial any other platform with very little overhead.

A roundup of the leading API

management tools available CA API Management
today………………………………..…. p.2
Cost: Not provided
License: Commercial
What are some solid options
Market: Enterprise
for open source API
Delivery: Cloud/Agent/Hybrid
management tools?.............. p.14
CA Technologies' API management platform is geared heavily toward
The basics of establishing a enterprise organizations, resulting in a very sales- and consulting-driven
RESTful API testing program organization. As a result of this enterprise-leaning sales funnel, pricing for
……………………………………………. p.17 the CA API Management platform is not readily available.

While the CA API Management platform shares many of the same features
Testing microservices and as other offerings, such as a developer portal, endpoint management and
APIs in the cloud……………... p.24 analytics, the thing that makes it stand apart is its emphasis on mobile API
management. The feature that highlights this support is the CA Mobile API
Gateway. This is an API gateway that provides mobile-friendly API design
How do I create a secure API
and is specifically tailored to handle things like security, identity, adaption,
for mobile?............................... p.29
optimization and integration. By providing software development kits (SDKs)
and granular security policies, the CA Mobile API Gateway can drastically
About speed up application development and deployment, while also ensuring a
SearchMicroservices.com safe and secure API environment.
……………………………………………. p.31

Page 7 of 31
 Tutorial

It is important to note that these features focus specifically on mobile-first

In this tutorial use cases through increased caching, mobile-specific SDKs and standards-
based architecture and authentication methods, making the CA Mobile API
A roundup of the leading API
Gateway stand out from standard API gateways.
management tools available
today………………………………..…. p.2
Cloud Elements
What are some solid options Cost: Starting at $1,000 per month
for open source API
License: Commercial
management tools?.............. p.14
Market: Startup/SMB/Enterprise
Delivery: Proxy
The basics of establishing a
RESTful API testing program Cloud Elements Inc. offers users a different sort of API management
……………………………………………. p.17 platform in that its APIs are built around the concept of connecting disparate
data sources and services through entities called hubs and elements. What
makes this concept unique is that its namesake Cloud Elements platform
Testing microservices and integrates with a multitude of third-party APIs and services (the
APIs in the cloud……………... p.24 aforementioned elements), allowing organizations to build out complex
REST APIs with minimal engineering overhead. A great analogy of this hub-
How do I create a secure API and-element model (albeit a simplistic one) is that Cloud Elements is like the
for mobile?............................... p.29 IFTTT of APIs.

Cloud Elements executes this integration strategy by providing data

About transformation tools and workflow orchestration, providing total control over
SearchMicroservices.com how your organization's internal and external services interact with each
……………………………………………. p.31 other within your API. By providing a centralized management system, Cloud
Elements enables organizations to track the usage, response time and even

Page 8 of 31
 Tutorial

logs across all of these platforms. This allows development teams to spend
In this tutorial less time dealing with the nuances of third-party API integrations and more
time building and managing a reliable product. With very little effort, an
A roundup of the leading API
existing API can be integrated directly with Salesforce, SendGrid, Slack and
even JIRA, making it possible for organizations to use the tools they are
management tools available
already familiar with to manage the health of their API.
today………………………………..…. p.2

What are some solid options

for open source API
Kong
management tools?.............. p.14 Cost: Starting at $0 per month
License: Apache 2.0
The basics of establishing a Market: Startup/SMB/Enterprise
RESTful API testing program Delivery: Proxy
……………………………………………. p.17
Mashape Inc., like Cloud Elements, handles API management much
differently than the other leading platforms. Its core offering, Kong, is an
Testing microservices and open source API gateway that can run in front of any RESTful API. This is
APIs in the cloud……………... p.24 similar to the cloud-based delivery methods of most commercial API
management tools -- the main difference being that the proxy is managed
How do I create a secure API internally rather than externally. Kong has a highly extensible plug-in
for mobile?............................... p.29 architecture, which enables total control over the features and services
provided by your API. At a high level, the officially supported plug-ins handle
things like authentication, security, traffic control, analytics and even data
About transformations and logging. This plug-in-oriented feature set makes it
SearchMicroservices.com possible to support only the features that are important to your project,
……………………………………………. p.31 without having to worry about additional features and services going
unused.

Page 9 of 31
 Tutorial

Though not open sourced like Kong, Mashape also offers a powerful
In this tutorial commercial API analytics platform called Galileo and a commercial
developer portal platform called Gelato. These two services can move an
A roundup of the leading API
existing API from the private to the public space by adding tools that are
important to product stakeholders and API consumers. Galileo accomplishes
management tools available
this with analytics tools that provide real-time logging of API calls, request
today………………………………..…. p.2
replaying, usage statistics and even error alerting. These are desirable
features for product managers and development teams alike, as they give
What are some solid options total insight into what is and isn't working within an API. Gelato, on the other
for open source API hand, provides a drop-in public face to an API. With Swagger and API
management tools?.............. p.14 Blueprint support, developer registration management, a live API explorer,
and even markdown management of API documentation, Gelato is an
excellent developer portal product.
The basics of establishing a
RESTful API testing program
……………………………………………. p.17
Mashery
Testing microservices and Cost: Not provided
APIs in the cloud……………... p.24 License: Commercial
Market: SMB/Enterprise
How do I create a secure API Delivery: Proxy/Agent/Hybrid
for mobile?............................... p.29
Mashery from TIBCO Software Inc. is an API management platform
designed and built with ease-of-use in mind. While not as enterprise-leaning
About as other platforms, Mashery is still a good fit for small to medium-sized
SearchMicroservices.com businesses that are beyond the early startup stage. This is evidenced
……………………………………………. p.31 through TIBCO Software's direct sales-driven funnel approach, which is a
change from the more organic, self-serve onboarding process found

Page 10 of 31
 Tutorial

amongst other platform providers. Despite the larger business-size market,

In this tutorial TIBCO has built out an impressive support system for its customers,
including everything from white papers to webinars and events, as well as
A roundup of the leading API
strategy and technical support services.
management tools available
What makes Mashery so unique is its API Microflow designer, which is, by
today………………………………..…. p.2
far, the platform's standout feature. At a high level, the Microflow designer is
a browser-based tool that can be used to describe the operational behavior
What are some solid options of an API. Individual Microflows can be used to manage data
for open source API transformations, request routing, query throttling and even implement
management tools?.............. p.14 caching. These policies can be inserted directly in the path of the request or
response workflow, allowing users to transform individual endpoint
responses, throttle requests for abused operations and cache infrequently
The basics of establishing a
updated responses.
RESTful API testing program
……………………………………………. p.17

MuleSoft
Testing microservices and
APIs in the cloud……………... p.24 Cost: Not Provided
License: Commercial
How do I create a secure API Market: Enterprise
for mobile?............................... p.29
Delivery: Proxy/Agent/Hybrid

MuleSoft is an enterprise-level service that goes beyond providing just an

About API management tool. The crux of MuleSoft's service is its Anypoint
SearchMicroservices.com Platform, a service that acts as the glue between disparate services and
……………………………………………. p.31 APIs. While MuleSoft Inc.'s API management tool is part of the Anypoint
Platform, the platform itself is a collection of tools and services that allow

Page 11 of 31
 Tutorial

organizations to compose their API architecture and integrate it with a

In this tutorial multitude of third-party APIs and services. It also provides a marketplace for
easily finding and integrating custom elements (such as connectors,
A roundup of the leading API
templates and APIs).
management tools available
MuleSoft is an excellent platform for organizations that need to quickly and
today………………………………..…. p.2
easily integrate with multiple third-party services. But what sets MuleSoft
apart is the large number of other add-ons available in the Anypoint
What are some solid options Exchange marketplace. This marketplace not only provides third-party API
for open source API integrations, but also connectors, templates and examples. This means
management tools?.............. p.14 users can easily add Salesforce and Slack through the third-party API
integrations, as well as implement real-time synchronization of users and
Salesforce customers through the "Salesforce to Database User Broadcast"
The basics of establishing a
template.
RESTful API testing program
……………………………………………. p.17

Testing microservices and
APIs in the cloud……………... p.24
How do I create a secure API
for mobile?............................... p.29
WSO2
Cost: Starting at $0 per month
License: Apache 2.0
Market: Startup/SMB/Enterprise
Delivery: Proxy/Agent/Hybrid

WSO2 is, by far, the most popular and feature-complete open source API
About management platform on the market today. It provides everything from
SearchMicroservices.com design and prototyping tools to developer tools and traffic
……………………………………………. p.31 management. While WSO2 is loaded with the same features found in the
other leading API management tools, what really makes it special is the

Page 12 of 31
 Tutorial

customizability of the platform. WSO2 is highly configurable, allowing

In this tutorial organizations to modify the look, feel and usage of the platform through
styling, theming and code extensions. These extensions can be developed
A roundup of the leading API
internally or found as additional open source projects that are built and
managed by other WSO2 consumers.
management tools available
today………………………………..…. p.2
Because WSO2 is open sourced, it's worth bringing attention to the
increased security and quality that often comes with open source software.
What are some solid options Popular open source projects often have hundreds to thousands of
for open source API developer eyes on them, allowing for issues to be caught and fixed much
management tools?.............. p.14 earlier than many other competitors. This security benefit is known as "Linus'
Law," named for the creator of Linux, Linus Torvalds. Linus' Law states that
"given enough eyeballs, all bugs are shallow."
The basics of establishing a
RESTful API testing program
……………………………………………. p.17
Wrapping up
Testing microservices and While the products listed above are well-known and well-supported, they are
APIs in the cloud……………... p.24 just a few of many. As such, it's crucial to do your own research and
collaborate with your team to find the software that works best for the
needs of you and your team. If one of the products above does not quite fit
How do I create a secure API
the bill, then use the closest one as a starting point in your search for the
for mobile?............................... p.29
perfect API management platform.

About In the end, the most important thing to remember when evaluating any new
SearchMicroservices.com DevOps platform is that getting the buy-in from your entire team determines
……………………………………………. p.31 success far more than how many bells and whistles any one platform has.

Page 13 of 31
 Tutorial

In this tutorial
What are some solid options for open
A roundup of the leading API source API management tools?
management tools available
today………………………………..…. p.2 Twain Taylor, Freelancer, SearchMicroservices.com

APIs are the fuel that powers all interactions between applications behind
What are some solid options the scenes. APIs have become essential to enabling services to talk to each
for open source API other, especially as more enterprises shift to distributed architectures, like
management tools?.............. p.14 microservices.

While many tend to go the commercially supported API route and make use
The basics of establishing a of proprietary tools, an increasing number of organizations are making use
RESTful API testing program of publicly available open source tools. Let's look at the top open source API
……………………………………………. p.17 management tools available today

Testing microservices and

APIs in the cloud……………... p.24 Kong
Created by Mashape, Kong acts as a management layer for all your APIs. It
How do I create a secure API
sits between the microservices that contain the API agents and the load
for mobile?............................... p.29
balancer that routes requests across all APIs. Powered by Nginx, Kong
excels at distributing API tasks, whether on premises or in the cloud. It can
About be set up in a single or multi-data center environment and is compatible with
SearchMicroservices.com any modern infrastructure stack.
……………………………………………. p.31

Page 14 of 31
 Tutorial

Based on plug-ins, Kong is easy to extend and has ready-made plug-ins for
In this tutorial many popular services. For example, it can be used to manage and invoke
Amazon Web Services Lambda functions, and monitoring data can be sent
A roundup of the leading API
to a monitoring tool, like Datadog, or a logging service, like Loggly.
management tools available
today………………………………..…. p.2
Tyk
What are some solid options Tyk is another capable open source API management tool. It can be set up
for open source API by yourself on premises, or you can pay to use a version hosted by Tyk. A
management tools?.............. p.14 recently launched Kubernetes integration also lets you set up Tyk in a
Google Cloud Kubernetes container cluster. Central to the Tyk experience is
The basics of establishing a its API gateway; it's actually Tyk's API that lets you manage your own API
RESTful API testing program requests.
……………………………………………. p.17
Tyk is evolving quickly, and you'll need to keep a close watch on all its
releases since many come with major updates. Tyk claims that v2.3 can
Testing microservices and handle more than double the traffic of v2.2. This fast pace of development
APIs in the cloud……………... p.24 makes it hard to document every change adequately. Some very new
features may not be included in the main product documentation and are
found in the release notes. While Tyk does report on performance and error
How do I create a secure API
metrics, it could do better at showing the details of the errors, which can
for mobile?............................... p.29
help with root cause analysis.

About Like Kong, Tyk is also easy to extend. There are already integrations with
SearchMicroservices.com many tools, such as logging integration with Logstash. You can also write
……………………………………………. p.31 plug-ins for Tyk in a range of languages, including gRPC and Python. You

Page 15 of 31
 Tutorial

should plan on eventually integrating plug-ins into the open source software
In this tutorial core of Tyk.

A roundup of the leading API

management tools available API Umbrella
today………………………………..…. p.2
Developed by the National Renewable Energy Laboratory, API Umbrella
powers the popular data.gov website. API Umbrella provides all the standard
What are some solid options API management features, including key management, rate limiting and
for open source API analytics. It features a web admin interface and has well-indexed
management tools?.............. p.14 documentation.

The basics of establishing a

Unlike the previous open source API management tools, which feature
commercial hosted options, API Umbrella only has an open source option.
RESTful API testing program
This means you will be fully dependent on the community for support.
……………………………………………. p.17
However, there is an active community backing this project, and new
releases are quite frequent.
Testing microservices and
APIs in the cloud……………... p.24

A buzzing market
How do I create a secure API
for mobile?............................... p.29 Clearly, the market for open source API management tools is buzzing with
activity, and you'd be spoiled for choice trying to pick the best among them.
In addition to the tools mentioned above, you should also consider taking a
About look at WSO2, ApiAxle and Fusio offerings.
SearchMicroservices.com
……………………………………………. p.31

Page 16 of 31
 Tutorial

In this tutorial
The basics of establishing a RESTful API
A roundup of the leading API testing program
management tools available
today………………………………..…. p.2 Greg Sypolt, Senior Engineer, Gannett

The standard practice of testing web applications for many years was
What are some solid options heavily front-end graphic user interface tests. Recently, the standards of
for open source API testing have undergone a makeover from top to bottom. To move toward a
management tools?.............. p.14 modern delivery pipeline, such as continuous integration or continuous
delivery, teams need to be at least versed in automation, and focus must
shift upon preventing bugs by building in quality upfront and efficiently.
The basics of establishing a
Developers, product managers, business analyst and QA team members
RESTful API testing program
must begin by planning and building a better testing portfolio. As they start
……………………………………………. p.17
working closely together, they will begin to identify what they need to meet
the acceptance criteria and determine as a team what the best way to test
Testing microservices and is. This also requires following the "testing pyramid methodology" by
APIs in the cloud……………... p.24 creating more lower-level tests -- API tests, for instance -- creating a smaller
percentage of UI tests in the end.
How do I create a secure API This journey starts with RESTful API testing. At the end of this article, you
for mobile?............................... p.29 will have a better understanding of why API testing is necessary, its key
physical and logical layers, how to design a testing blueprint for APIs, and
About the technologies available to help.
SearchMicroservices.com
……………………………………………. p.31

Page 17 of 31
 Tutorial

In this tutorial
What is a RESTful API?
A roundup of the leading API In simple layman's terms, REST is a way for two computers to communicate
management tools available with each other over the internet. One acts as a web browser, and the other
today………………………………..…. p.2 acts as a web server. The transfer happens over the web, which
communicates through HTTP/HTTPS protocols. The HTTP request
methods performed are GET, PUT, POST and DELETE.
What are some solid options
for open source API The two commonly used methods are GET and POST:
management tools?.............. p.14
• GET is used for retrieving data from a specified resource.
The basics of establishing a • POST is used for creating data to be processed to a specified
RESTful API testing program resource.
……………………………………………. p.17
An example of this is the GitHub API for repository_url, shown below:
The moment the HTTP request is fired it will begin communicating with the
Testing microservices and layered architecture.
APIs in the cloud……………... p.24

How do I create a secure API Review the REST Layered Architecture

for mobile?............................... p.29
The REST layered architecture is simply a software design pattern that is
implemented in a stack of layers. The traditional layers help you better
About
organize the code. For instance, an application can have the following layers:
SearchMicroservices.com
presentation, business Logic, data access and data storage.
……………………………………………. p.31

Page 18 of 31
 Tutorial

In this tutorial
Presentation
A roundup of the leading API The top-most layer of the application is the user interface, which translates
management tools available the response into machine readable format for users to understand. The
today………………………………..…. p.2 presentation layer takes care of content representation, shown here:

What are some solid options

for open source API Business Logic
management tools?.............. p.14
The logical layer is the brains of the application. This layer processes and
communicates the data between the layers and makes logical decisions.
The basics of establishing a Some "logical" decisions the logical layer makes include the handling of the
RESTful API testing program API, authentication and authorization, auditing, and exception handling.
……………………………………………. p.17

Testing microservices and Data Access

APIs in the cloud……………... p.24
The data access layer provides simplified access to data stored -- database,
flat files and more -- separate from business logic and presentation code. It
How do I create a secure API
is tightly coupled with the data storage layer.
for mobile?............................... p.29

About
SearchMicroservices.com
……………………………………………. p.31

Page 19 of 31
 Tutorial

In this tutorial
Data Storage
A roundup of the leading API The data storage layer will consist of a relational database management
management tools available system, NoSQL database, file system, remote storage in the cloud or in-
today………………………………..…. p.2 memory.

What are some solid options

for open source API Design an API Blueprint for Development and
management tools?.............. p.14 Testing
The basics of establishing a
When designing your RESTful API testing strategy blueprint, it is important
to outline all the activities that will be carried out for a sprint and the release.
RESTful API testing program
Having a clear testing strategy will increase the collaboration and
……………………………………………. p.17
communication early in the sprint, rather than towards the end. Often, teams
see an uptick in productivity when everyone on the team takes on more
Testing microservices and ownership, responsibility and accountability for product quality.
APIs in the cloud……………... p.24

How do I create a secure API User experience pyramid

for mobile?............................... p.29
When launching and maintaining an API, the entirety of the team needs to
consider every aspect of the API user experience. This pyramid represents
About the different API characteristics the team should consider:
SearchMicroservices.com
……………………………………………. p.31

Page 20 of 31
 Tutorial

In this tutorial
Selecting a Testing Technology
A roundup of the leading API The options can be overwhelming; there are lots of open source tools,
management tools available vendor tools and custom testing harnesses. It's useful to think practically
today………………………………..…. p.2 about your requirements while evaluating any testing technology.

What are some solid options

for open source API Test Coverage
management tools?.............. p.14
To build quality products that everyone raves about requires a well thought-
out testing strategy. It starts early in the process of writing code by writing
The basics of establishing a tests in parallel during the sprint. This will lead to better design and fewer
RESTful API testing program bugs. Unit tests are the backbone of any test strategy.
……………………………………………. p.17

Testing microservices and Defining Standards

APIs in the cloud……………... p.24
It's critical to establish standards upfront and communicate them to
everyone on the team. This will help avoid, for instance, general testing and
How do I create a secure API
coding headaches caused by unexpected changes or inabilities to scale.
for mobile?............................... p.29
Continue to evaluate and recalibrate along the way.

About
SearchMicroservices.com
……………………………………………. p.31

Page 21 of 31
 Tutorial

In this tutorial
Responsibilities
A roundup of the leading API Clearly outline each team member's responsibilities for developers, QA,
management tools available DevOps teams and product managers.
today………………………………..…. p.2

What are some solid options Continuous Testing

for open source API
management tools?.............. p.14 Continuous testing is not only about the implementation of API tests. It is
first and foremost a strategy, then a tool selection and then an
implementation of more than just API tests. Once set up, and when backed
The basics of establishing a by great analytics, continuous testing improves the quality of applications
RESTful API testing program and entire delivery chains.
……………………………………………. p.17

Testing microservices and Technologies for RESTful API testing

APIs in the cloud……………... p.24
The most common challenge for any type of automated scripting is locating
the right technology for the project. I have found that many teams never get
How do I create a secure API
past this phase due to several reasons:
for mobile?............................... p.29

• Unawareness of all the available tools or testing frameworks.

About • A lack of the expertise or knowledge needed to customize and deploy
SearchMicroservices.com an existing framework.
……………………………………………. p.31 • An inability to afford the cost of vendor tools.

Page 22 of 31
 Tutorial

• No available time or resources to build a custom testing harness from

In this tutorial the bottom up.

Here are some of the tools or frameworks are widely used for automating
A roundup of the leading API
API testing:
management tools available
today………………………………..…. p.2
Open Source Vendor Custom

What are some solid options Frisby.js + Jasmine SoapUI Pro NodeJS
for open source API
management tools?.............. p.14
Chakram Smart Bear

REST-assured Runscope
The basics of establishing a
RESTful API testing program Swagger
……………………………………………. p.17
Vows + api-easy

Testing microservices and

APIs in the cloud……………... p.24
Conclusion
How do I create a secure API
The testing strategy is not just a piece of paper. It's the reflection of all the
for mobile?............................... p.29
activities -- development, testing and the continuous loop of feedback. It
improves the entire delivery chain by providing fast feedback and allowing
About the possibility of iterations during the sprint. And it will allow you to release
SearchMicroservices.com your RESTful APIs to the wild with confidence.
……………………………………………. p.31

Page 23 of 31
 Tutorial

In this tutorial
Testing microservices and APIs in
A roundup of the leading API the cloud
management tools available
today………………………………..…. p.2 Tom Nolle, President, CIMI Corp

The Internet and cloud computing are quickly shifting application focus from
What are some solid options SOA and service busses to microservices and RESTful design. Application
for open source API architects and developers find the new models to be more agile, but the very
management tools?.............. p.14 cloud environment that's helping to spawn both trends is making testing
microservices and RESTful APIs notoriously difficult.
The basics of establishing a To avoid being "trapped in flexibility," developers need to first understand
RESTful API testing program the issues of multidimensional agility the cloud presents, build an approach
……………………………………………. p.17 by applying abstraction principles effectively to reduce complexity, and
design services and APIs to be flexible in the functional and deployment
Testing microservices and dimensions without becoming disorderly.
APIs in the cloud……………... p.24
Application agility, meaning the ability of application development to quickly
address changes in business needs and opportunities, is increased in large
How do I create a secure API part by componentization and component reuse. Rather than building a
for mobile?............................... p.29 totally new application every time something is needed, componentized
development builds an inventory of reusable components that can be easily
assembled and reassembled.
About
SearchMicroservices.com
Cloud computing also improves agility by shortening the deployment cycle
……………………………………………. p.31 through the use of public server pools and by facilitating application scaling

Page 24 of 31
 Tutorial

and component replacement under changes in load or resource

In this tutorial status. Beyond that, the cloud is a handy platform to host microservices or
components that are not only broadly useful within a company, but also
A roundup of the leading API
broadly useful across the market at large.
management tools available
Cloud development maturity quickly exposed a critical interdependency
today………………………………..…. p.2
here. Testing microservices or APIs in a traditional application can be
challenging, but adding a dimension of resource independence and agile
What are some solid options component instantiation meant that an application could be tested and
for open source API certified in one environment and yet fail in what seems a logical evolution of
management tools?.............. p.14 that environment. Quality of experience (QoE) for workers was particularly
vulnerable to the interplay of these application agility dimensions.
The basics of establishing a The testing process falls victim to too many unconstrained variables and a
RESTful API testing program lack of specific performance or availability objectives for key components of
……………………………………………. p.17 the application. Obviously, the performance of a microservice will depend
on where it is hosted in the network relative to the users of the service and
Testing microservices and
how many instances are available to share the load. Yet in most cases the
APIs in the cloud……………... p.24
design of the microservice or API did not include any assumptions on
variability in deployment location, number of instances, distribution of work
or other things clearly related to cloud deployment.
How do I create a secure API
for mobile?............................... p.29 Behind the concept of microservices, REST and the cloud is the concept of
abstraction, which is a technique to expose the features of something
without exposing the implementation. A microservice is a functional
About
abstraction, REST abstracts processes to look like simple resources and the
SearchMicroservices.com
cloud creates virtual infrastructure that can map to whatever real resources
……………………………………………. p.31
are available. The challenge for testing microservices and APIs in the cloud

Page 25 of 31
 Tutorial

is that the implementation of microservice and REST can collide with cloud
In this tutorial resource mapping. Fortunately, that can be fixed if you take care in how
your abstractions are created in the first place.
A roundup of the leading API
A microservice or API is not a singular web server; that violates the principle
management tools available
of abstracting features from implementation. Thus, microservices and APIs
today………………………………..…. p.2
should be viewed as a gateway to an agile collection of implementations
below. Experienced cloud developers have said: it's essential to have to
What are some solid options view a microservice or RESTful API as a virtual connection that, when
for open source API implemented, includes agile resource positioning through DNS or other
management tools?.............. p.14 directory services, load balancing to manage work among instances, and
management of collective resources against singular virtual
presence. That's exactly correct; the key to testing microservices and APIs
The basics of establishing a
in the cloud successfully is the abstraction of the services and APIs to
RESTful API testing program include the resource allocation and component scaling features to be used,
……………………………………………. p.17 both in terms of objectives to be met and practices to be employed. This will
enable a test plan to include the cloud-related elements and deal with cloud
Testing microservices and quality of experience.
APIs in the cloud……………... p.24
Preparing a test plan of this type means including not only the expected load
variations, QoE or scalability requirements, but also what the cloud
How do I create a secure API implementation is expected to do to respond to them. While the number of
for mobile?............................... p.29 specific things such a plan has to address varies depending on the
application, in general it will be important to do each of the following:
About
• Identify the specific way in which application component locations are
SearchMicroservices.com
registered on deployment, including the time required.
……………………………………………. p.31

Page 26 of 31
 Tutorial

• Specify how work will be distributed among instances of services and

In this tutorial ensure that the needed components are also deployed and
connected. Load balancing practices may dictate special attention be
A roundup of the leading API
paid to state control, though in general REST or microservice APIs are
not stateful.
management tools available
• Identify the means whereby applications or components will detect
today………………………………..…. p.2
either a component failure or a need to scale the number of instances
and verify these are deployed. It's especially important to set
What are some solid options response time goals for this process to set verifiable user-level
for open source API performance and availability parameters.
management tools?.............. p.14 • Prepare test data and procedures to drive the collected resource
control and functional elements of the application through their
expected range of operations, to collect performance data, and
The basics of establishing a
validate functionality.
RESTful API testing program
……………………………………………. p.17
The process of performing the steps above may expose service design or
API design issues. The issue of state control has already been noted, but it
Testing microservices and is possible that stateless service behavior, when applied to horizontally
APIs in the cloud……………... p.24 scaled services, could result in issues of transaction recovery or data
reliability. This illustrates the importance of designing applications to
optimize cloud usage.
How do I create a secure API
for mobile?............................... p.29
Where there might be a profound impact of the cloud on service and API
design, it's important to try to capture the specific factors that make this
About true. This information can then be used to target additional design attention
SearchMicroservices.com at those applications most likely to benefit from it. Also, record all decisions
……………………………………………. p.31 made for each of the steps above, and be prepared to change your
practices if operating experience shows you may have missed important

Page 27 of 31
 Tutorial

issues. With a little effort, microservice and API design and testing in the
In this tutorial cloud can become routine.

A roundup of the leading API

management tools available
Next article
today………………………………..…. p.2

What are some solid options

for open source API
management tools?.............. p.14

The basics of establishing a

RESTful API testing program
……………………………………………. p.17

Testing microservices and

APIs in the cloud……………... p.24

How do I create a secure API

for mobile?............................... p.29

About
SearchMicroservices.com
……………………………………………. p.31

Page 28 of 31
 Tutorial

In this tutorial
How do I create a secure API for mobile?
A roundup of the leading API Matthew David, Leader, Mobile Center of Excellence, Kimberly Clarke
management tools available
today………………………………..…. p.2 Security is often an issue that arises when dealing with mobile devices. And
as APIs have garnered increased importance with regards to mobile
development, the need to create a secure API for that development becomes
What are some solid options
important as well. Here we examine the steps needed to create a secure API
for open source API for mobile.
management tools?.............. p.14
Inherently, all mobile devices are insecure. The approach to developing
The basics of establishing a
mobile apps is to secure all of the parts at play. APIs are an effective way to
RESTful API testing program
deliver solutions across multiple platforms -- think of Google Maps, one of
……………………………………………. p.17
the most popular API libraries -- and it is good to develop a secure API for
mobile, ensuring it's locked down tight.

Testing microservices and There are several steps to achieving a secure API. They include:
APIs in the cloud……………... p.24
• Data at rest and data in transit. Your API will move data back and
forth across the cloud and to devices. Leverage HTTPS to protect
How do I create a secure API
your data in transit and encrypt the data when at rest on the server
for mobile?............................... p.29
and the client.
• API keys. Create APIs that require developer registration. The focus
About for API keys is to lock down and know which apps are using your
SearchMicroservices.com APIs. The API key is unique to each developer and should be stored
……………………………………………. p.31 on your server in Base64 encryption.

Page 29 of 31
 Tutorial

• Oauth2. Oauth is a popular authentication format that has been

In this tutorial improved with Oauth2, a token based authentication solution that is
ideal for securing mobile
A roundup of the leading API
• JWT (JSON Web Token). Take security of your API over the top
management tools available
through the inclusion of a JWT, a new specification that gives you the
today………………………………..…. p.2
tools to create random tokens that can be published to devices,
expire at a specific time and can hold JSON information

What are some solid options The goal is to protect the data on the cloud server as it moves to the API;
for open source API use tools that ensure the data is encrypted as it is stored on a device; and,
management tools?.............. p.14 finally, only show data with the correct authentication. This level of security
is required for a secure API for mobile. Easy, right?
The basics of establishing a
RESTful API testing program
……………………………………………. p.17 About SearchMicroservices.com

Testing microservices and

APIs in the cloud……………... p.24

How do I create a secure API

for mobile?............................... p.29

About
SearchMicroservices.com
……………………………………………. p.31

Page 30 of 31
 Tutorial

In this tutorial
About SearchMicroservices.com
A roundup of the leading API
management tools available Over 4 million programmers, architects, IT managers, and
today………………………………..…. p.2 developers turn to our site for industry news, expert advice and
peer-to-peer learning opportunities around managing
What are some solid options
microservices and service-oriented architecture (SOA),
for open source API
management tools?.............. p.14 application modernization and digital transformation, Business
Process Management (BPM), application integration and APIs,
The basics of establishing a software containers and microservices design and development,
RESTful API testing program DevOps, and more.
……………………………………………. p.17

Testing microservices and For further reading, visit us at:

APIs in the cloud……………... p.24
www.SearchMicroservices.com
How do I create a secure API Images; Fotalia

for mobile?............................... p.29

© 2017 TechTarget. No part of this publication may be transmitted or reproduced in any form or by any means
without written permission from the publisher.

About
SearchMicroservices.com
……………………………………………. p.31

Page 31 of 31