Preparation for deploying API services to the cloud (continued...)
This is a continuation of the previous post.
Conditional modifications – ETags: the server avoids sending the full response if the content has not changed.
Absolute Redirects – useful for delegation and for automatically enabling clients to fulfill their requests elsewhere
Link headers, or links discoverable in response content – enable callers to discover as they make the calls and reduce trial and error.
Canonical URLs – enable consistency and resolution, which also works out great for pattern matching
Chunked transfer encoding: becomes the only way to request chunked transfer in HTTP 1
X-HTTP-Method-Override: very useful for getting past firewalls, since it is relatively easy to modify parameters
URLs of less than 2000 characters: longer URLs are not only an eyesore, it is also difficult to spot typos in them
Statelessness: frees the client to maintain state and enables retries
?format=json: the content might be the same, but the format guides the integration with other systems. For example, virtual data warehouses prefer JSON
URI Templates: determine patterns that can be exploited
Semantic interpretation to resources: also helps with Semantic search which goes beyond the syntax
Versioning: features usually span releases. Versioning informs of breaks and adds discoverable information in logs
Authorization: the privilege granted is easy to map to response codes
Bulk operations: reduce individual calls, while giving the server the opportunity to handle them differently
Query parameters for limit and offset: standardize listing behavior across resources
No Unicode in URLs: enables searchability while reducing errors.
Error logging: this alone reduces costs for the organization in terms of maintenance
Timestamp. Critical for correlation and establishing order among events.
SSL encryption is a necessity and uses to turn on or off when not at the request level
Retry-After: ensures server health while providing a clear directive to the caller.
Prevent DoS: security measures help improve the uptime and availability of the server
CSRF: prevents forgery and enables compliance with security standards
Testing: browser-based testing is one of the most popular modes of testing
Documentation: one of the must-haves to endear to the developer audience
Logs: All local logs drain via Syslog but the option to use a log index is reserved for large deployments. That instance can be shared across service and application deployments with the separation of indexes, and an investment in a dedicated log index software product will reduce the cost of the operation.
Metrics: Metrics don’t just look good on the operations dashboard. They look good even from the programmability standpoint. This is easy to achieve with a dedicated Grafana, InfluxDB, and SQL stack. Just like a solution for log indexes, a solution for metrics will lower reporting and manageability costs of operations.
Events: Earlier, events used to be analyzed exclusively via message brokers. This is now overcome with stream processors with the help of beautiful event processing languages such as Flink and Spark from the Apache foundation. Storage and analytics platforms are also savvy about offering an integrated solution for events.
Notifications: No one should try to manually watch the dashboard for breaches in thresholds. That is left to the automation of notifications from events. Notifications can be generated from solutions catering to logs, events, and metrics and this is a one-time cost.
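The Retry-After and Prevent DoS items in the list above meet in a rate limiter. The following is an added example, not code from the original post: a per-client token bucket that answers an over-limit request with 429 and a Retry-After value computed from the refill time. The class names, the capacity and rate values, and the choice of status 429 are assumptions made for illustration.

```python
import math
import time


class TokenBucket:
    """Allows bursts of `capacity` requests, refilled at `rate` tokens per second."""

    def __init__(self, capacity, rate, now):
        self.capacity = capacity
        self.rate = rate
        self.tokens = float(capacity)
        self.updated = now

    def take(self, now):
        """Return 0 if the request is admitted, else whole seconds until a token exists."""
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 0
        # Round up so a caller that waits exactly this long is admitted.
        return math.ceil((1.0 - self.tokens) / self.rate)


class RateLimiter:
    """Hypothetical helper: one bucket per client id (API key, account, address)."""

    def __init__(self, capacity=5, rate=1.0, clock=time.monotonic):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        # Unbounded in this sketch; a real service must evict idle entries,
        # otherwise the table itself becomes a memory-exhaustion vector.
        self.buckets = {}

    def check(self, client_id):
        """Return (status, headers): 200 to proceed, 429 with Retry-After to back off."""
        now = self.clock()
        bucket = self.buckets.setdefault(
            client_id, TokenBucket(self.capacity, self.rate, now))
        wait = bucket.take(now)
        if wait == 0:
            return 200, {}
        return 429, {"Retry-After": str(wait)}  # delay-seconds form


if __name__ == "__main__":
    limiter = RateLimiter(capacity=2, rate=0.5)
    for i in range(4):  # constructed burst from a single client
        print(i, limiter.check("client-a"))
```

Because the bucket is keyed per client, one noisy caller is throttled without affecting others, and the Retry-After value gives a well-behaved client an exact delay instead of inviting immediate retries.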